New Blog Post | How to Query HaveIBeenPwned Using a Microsoft Sentinel Playbook

How to Query HaveIBeenPwned Using a Microsoft Sentinel Playbook - Azure Cloud & AI Domain Blog (azur...

I’ve known Troy Hunt for a number of years and his contributions to the security and privacy industry have been hugely valuable and much appreciated by the masses.

HaveIBeenPwned is a great resource developed and maintained by Troy. It provides the ability to query against its database to expose domains or user accounts that have been caught up in any of the number of reported industry data breaches. Wouldn’t it be nice, then, to have this data available for your Microsoft Sentinel investigations?

Fortunately, Troy provides an API for his service.

I’ve provided a Microsoft Sentinel Playbook that takes email addresses associated with an Incident and submits them through the API and returns a quick note to the Comments tab in the Incident as to whether or not the email address(es) has been compromised.

Original Post: New Blog Post | How to Query HaveIBeenPwned Using a Microsoft Sentinel Playbook - Microsoft Tech Com...
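
The enrichment flow described in the post, sketched in Python as an added example (this is not the author's playbook, which is not reproduced on this page). It assumes incident entities arrive as dictionaries with `kind` and `properties` fields and that the lookup uses the HaveIBeenPwned v3 `breachedaccount` endpoint with an API key; the function names and sample entities are constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

HIBP_URL = "https://haveibeenpwned.com/api/v3/breachedaccount/{}"

# Constructed sample; the entity shape (kind/properties) is an assumption.
SAMPLE_ENTITIES = [
    {"kind": "Account", "properties": {"accountName": "alice", "upnSuffix": "example.com"}},
    {"kind": "Account", "properties": {"accountName": "Alice", "upnSuffix": "EXAMPLE.com"}},
    {"kind": "Host", "properties": {"hostName": "ws-01"}},
    {"kind": "Account", "properties": {"accountName": "bob", "upnSuffix": "example.com"}},
]

def emails_from_entities(entities):
    """Collect unique, lower-cased addresses from Account entities, in order."""
    seen = []
    for entity in entities:
        props = entity.get("properties", {})
        if entity.get("kind") == "Account" and props.get("accountName") and props.get("upnSuffix"):
            addr = f'{props["accountName"]}@{props["upnSuffix"]}'.lower()
            if addr not in seen:
                seen.append(addr)
    return seen

def hibp_lookup(email, api_key, opener=urllib.request.urlopen):
    """Return breach names for one address; an HTTP 404 means no breach on record."""
    url = HIBP_URL.format(urllib.parse.quote(email, safe=""))
    req = urllib.request.Request(
        url, headers={"hibp-api-key": api_key, "user-agent": "sentinel-hibp-example"})
    try:
        with opener(req, timeout=10) as resp:
            return [breach["Name"] for breach in json.load(resp)]
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return []
        raise  # 401 (bad key) and 429 (rate limit) must not read as "clean"

def build_comment(entities, lookup):
    """Build the incident comment text; lookup maps an address to breach names."""
    lines = []
    for addr in emails_from_entities(entities):
        breaches = sorted(lookup(addr))
        if breaches:
            lines.append(f"{addr}: found in {len(breaches)} breach(es): {', '.join(breaches)}")
        else:
            lines.append(f"{addr}: not found in HaveIBeenPwned")
    return "\n".join(lines) or "No account email addresses on this incident."
```

Only a 404 is treated as "not found"; any other HTTP error propagates so that a failed lookup is never written to the incident as a clean result.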
