User Profile
jeffazure
Copper Contributor
Joined 4 years ago
Recent Discussions
URL Click API for MDO?
Hello everyone, TL;DR: is there an MDO SafeLinks API, or a Microsoft 365 Defender API, where we can check whether a URL has been clicked or not? I'm a security officer, working with Azure Sentinel and Logic Apps. I frequently receive security incidents where I have to investigate if users accessed bad URLs. I want to automate this a bit and set up a Logic App for that. Do you know if there is any documentation on this (and if this feature is available)?
1.2K Views | 0 likes | 3 Comments

Re: Playbooks appear in playbooks list, but not available for automated response (bis)
I found it! It was a bug! When a Logic App is created with the wrong trigger at first (alert instead of incident), it's not seen by the Automation rule playbook menu (normal). But even when the trigger is afterwards changed to "Incident rule was created", the playbook type is still not updated, so the Automation rule can't see it. I had to delete my Logic App and recreate it to make it work.
4K Views | 0 likes | 1 Comment

Re: Playbooks appear in playbooks list, but not available for automated response (bis)
Hi Rod_Trent, Thank you for your answer. That one was rather tricky; the interface is not clear for automation on this subject. I successfully applied the right permission to my user (I got a Sub owner account in parallel) AND followed your tutorial (from: https://docs.microsoft.com/fr-fr/azure/sentinel/tutorial-respond-threats-playbook). All rights are OK in RG IAM, I can see "Security Insights" having Automation rights (please note that my Logic App is in the same RG as Sentinel). Neither my user nor even Owner can see the playbook anyway in the "New automation rule" menu.
3.9K Views | 0 likes | 2 Comments

Playbooks appear in playbooks list, but not available for automated response (bis)
Following: Playbooks appear in playbooks list, but not available for automated response (solved but not relevant)
And: Unable to add playbook to automated incident response for Azure Sentinel (Not relevant)
Assoc. Doc.: https://docs.microsoft.com/fr-fr/azure/sentinel/tutorial-respond-threats-playbook
Hi Microsoft, I created a Logic App with handler "when incident creation in Sentinel rule was Triggered"*. I got Read rights on the RG and Logic Apps operator & Contributor + Sentinel contributor. I can see my Logic App in the playbook thumb (enabled, with good trigger description), yet I can't see it when creating automation from "Automation" thumb. (Rule: "If analytics name contains: All") Is it a bug? Did I miss something?
EDIT 07-20: added with Subscription owner rights the RG access to Sentinel Automation, giving "Azure Sentinel Automation Contributor" rights to "Azure Security Insights" on the resource group. Source. No effect.
* I18n approximative from French.
Solved | 4.1K Views | 1 like | 4 Comments

Re: Playbooks appear in playbooks list, but not available for automated response
Hi Microsoft, I created a Logic App with handler "when incident creation in Sentinel rule was Triggered"*. I got read rights on the RG and Logic Apps operator & Contributor + Sentinel contributor. I can see my Logic App in the playbook thumb (enabled, with good trigger description), yet I can't see it when creating automation from "Automation" thumb. Is it a bug? Did I miss something?
* I18n approximative from French.
3.8K Views | 0 likes | 0 Comments