Validation Test #11525

Draft
wants to merge 33 commits into
base: master
33 commits
41b0fcc
Update CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
v-atulyadav Dec 5, 2024
8d0bee5
Update CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
v-atulyadav Dec 5, 2024
5b52ca0
Update CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
v-atulyadav Dec 5, 2024
7947d85
Update CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
v-atulyadav Dec 5, 2024
0bef315
Update CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
v-atulyadav Dec 5, 2024
7753cbe
Update CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
v-atulyadav Dec 5, 2024
7d4452e
Update CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
v-atulyadav Dec 5, 2024
213676d
commit
v-atulyadav Dec 5, 2024
effb18f
commit1
v-atulyadav Dec 5, 2024
774b5cf
commit
v-atulyadav Dec 5, 2024
f2c8b67
Update CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
v-atulyadav Dec 5, 2024
aabcf0a
commit
v-atulyadav Dec 5, 2024
566e70a
Update CiscoUmbrella_API_FunctionApp.json
v-atulyadav Dec 5, 2024
0a79549
Update CiscoUmbrella_API_FunctionApp.json
v-atulyadav Dec 5, 2024
755f164
Update CiscoUmbrella_API_FunctionApp.json
v-atulyadav Dec 5, 2024
a58827f
Update GarrisonULTRARemoteLogs_ConnectorUI.json
v-atulyadav Dec 5, 2024
cc33a9c
Update Cisco_Umbrella.yaml
v-atulyadav Dec 5, 2024
9530518
Create Cisco_Umbrella - Copy.txt
v-atulyadav Dec 5, 2024
d2bf3b0
commit
v-atulyadav Dec 5, 2024
f37023f
Update readme.md
v-atulyadav Dec 5, 2024
f4bbd09
Update readme.md
v-atulyadav Dec 5, 2024
0864d71
Update readme.md
v-atulyadav Dec 5, 2024
5f606e0
Capitalize "Sentinel" in readme.md
rahul0216 Dec 5, 2024
e394e63
Update readme.md
v-atulyadav Dec 6, 2024
061a054
commit
v-atulyadav Dec 6, 2024
bcbd977
Update CiscoUmbrella_API_FunctionApp.json
v-atulyadav Dec 6, 2024
086bc72
Update CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
v-atulyadav Dec 7, 2024
3a939f0
Create Cisco_Umbrella - Copy.txt
v-atulyadav Dec 7, 2024
1f7e93e
Update WorkbooksMetadata.json
v-atulyadav Dec 7, 2024
41696a0
commit
v-atulyadav Dec 7, 2024
1e88198
Update azuredeploy.json
v-atulyadav Dec 7, 2024
27bda5b
Update azuredeploy.json
v-atulyadav Dec 11, 2024
2a78502
playbook
v-atulyadav Dec 24, 2024
Expand Up @@ -252,12 +252,10 @@
"value": {
"azuresentinel": {
"connectionName": "[variables('AzureSentinelConnectionName')]",
"connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]",
"id": "[concat('/subscriptions/',subscription().subscriptionId, '/providers/Microsoft.Web/locations/',resourceGroup().location,'/managedApis/azuresentinel')]"
},
"ciscoumbrellaenforcement": {
"connectionId": "[resourceId('Microsoft.Web/connections', variables('CiscoUmbrellaEnforcementAPIConnectionName'))]",
"connectionName": "[variables('CiscoUmbrellaEnforcementAPIConnectionName')]",
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('customApis_ciscoumbrellaenforcement_name'))]"
}
}
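Review bot: In the `ciscoumbrellaenforcement` entry the `id` is assembled by hand with `concat`, while the `connectionId` lines in the same block use `resourceId()`; `resourceId('Microsoft.Web/customApis', parameters('customApis_ciscoumbrellaenforcement_name'))` would produce the same resource-group-scoped ID with less room for a path typo. The header also shows this block going from 12 lines to 10, so please confirm that both connection entries still carry `connectionId`, `connectionName` and `id` after the change, and say in the PR description what was dropped, because none of the commit messages do.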
Expand Up @@ -38,5 +38,5 @@ Once deployment is complete, authorize each connection.

#### b. Configurations in Sentinel

1. In Microsoft sentinel, analytical rules should be configured to trigger an incident with a malicious URL. In the *Entity maping* section of the analytics rule creation workflow, malicious URL should be mapped to **Url** identitfier of the **URL** entity type. Check the [documentation](https://docs.microsoft.com/azure/sentinel/map-data-fields-to-entities) to learn more about mapping entities.
1. In Microsoft Sentinel, analytical rules should be configured to trigger an incident with a malicious URL. In the *Entity maping* section of the analytics rule creation workflow, malicious URL should be mapped to **Url** identitfier of the **URL** entity type. Check the [documentation](https://docs.microsoft.com/azure/sentinel/map-data-fields-to-entities) to learn more about mapping entities.
2. Configure the automation rules to trigger the playbook.
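Review bot: The rewritten step 1 fixes the capitalization of "Sentinel" but keeps two typos on the same line, "Entity maping" and "identitfier"; since the line is being touched anyway, correct them to "Entity mapping" and "identifier". The link on that line still points to docs.microsoft.com, which now redirects to learn.microsoft.com, so updating the host would avoid the redirect.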