User Profile
AdamJones
Copper Contributor
Joined 5 years ago
User Widgets
Recent Discussions
Azure Sentinel Multi tenant/MSSP Playbooks
Hi, Just to add some background before I ask the question. We have about 8 customers that we have deployed a CSP Subscription and put Sentinel on. We have then used Lighthouse to grant us access. This has been working great and no real problems as we can centrally run queries, see incidents and hunt etc. We are currently having to create multiple copies of the same playbook for each customer and putting it on their CSP subscription because we simply cannot get it to run when it exists on our "Master" subscription. How do we go around creating a single playbook that will work no matter the customer/subscription? I assume this is possible and before we start adding any more customers we thought we would check. For example we have a Playbook that isolates a host using Defender ATP. Works great when deployed direct to the customer's subscription and it executes without issue. Thanks7.7KViews0likes12Comments
Groups
Recent Blog Articles
No content to show