Sentinel to MS Sentinel
v-prasadboke committed Nov 2, 2023
1 parent fce8ca2 commit aa08134
Showing 4 changed files with 6 additions and 6 deletions.
Expand Up @@ -5910,7 +5910,7 @@
"body": {
"action": "AlertAndBlock",
"application": "Microsoft Sentinel",
"description": "This block command has been made through the Restrict-MDEDomain-entityTrigger. Ran on URL Entity from Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}",
"description": "This block command has been made through the Restrict-MDEDomain-entityTrigger. Ran on URL Entity from Microsoft Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}",
"expirationTime": "@{addDays(utcNow(), 90)}",
"indicatorType": "DomainName",
"indicatorValue": "@{triggerBody()?['Entity']?['properties']?['DomainName']}",
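Review bot: The reworded description on the + line still says "Ran on URL Entity", but this request is issued by Restrict-MDEDomain-entityTrigger and sets `"indicatorType": "DomainName"` with `indicatorValue` taken from `['DomainName']`. Since the line is being edited anyway, change "URL Entity" to "DNS Entity" (or "Domain Entity") so the description stored on the MDE indicator matches the indicator it actually creates; otherwise an analyst reviewing the indicator list will be told a URL was blocked when a domain was.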
Expand Down Expand Up @@ -6420,7 +6420,7 @@
"body": {
"action": "AlertAndBlock",
"application": "Microsoft Sentinel",
"description": "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Sentinel Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. Properties: @{triggerBody()?['Entity']?['properties']}",
"description": "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Microsoft Sentinel Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. Properties: @{triggerBody()?['Entity']?['properties']}",
"expirationTime": "@{addDays(utcNow(), 90)}",
"indicatorType": "IpAddress",
"indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Address']}",
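Review bot: The three description strings in this file are now inconsistent in shape: this IP hunk reads "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Microsoft Sentinel Incident (ARM ID): ...", while the Domain and Url hunks read "This block command has been made through the ... Ran on ... Entity from Microsoft Sentinel Incident with ARM ID: ...". All three lines are touched by this commit, so align them to one template (trigger name, entity type, incident ARM ID, then properties) to make the resulting MDE indicator descriptions searchable with a single pattern.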
Expand Down Expand Up @@ -6647,7 +6647,7 @@
"body": {
"action": "AlertAndBlock",
"application": "Microsoft Sentinel",
"description": "This block command has been made through the Restrict-MDEUrl-entityTrigger. Ran on URL Entity from Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}",
"description": "This block command has been made through the Restrict-MDEUrl-entityTrigger. Ran on URL Entity from Microsoft Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}",
"expirationTime": "@{addDays(utcNow(), 90)}",
"indicatorType": "Url",
"indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Url']}",
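Review bot: This exact line is changed a second time in the separate `@@ -115,7 +115,7 @@` hunk later in the commit, and the same holds for the Domain and IP hunks (`-5910`/`-115` and `-6420`/`-112`). The playbook definitions are evidently maintained as two hand-edited copies; that is how the "Sentinel" vs "Microsoft Sentinel" drift arose in the first place, so consider generating the packaged copy from the standalone playbook files rather than editing both by hand.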
Expand Up @@ -115,7 +115,7 @@
"body": {
"action": "AlertAndBlock",
"application": "Microsoft Sentinel",
"description": "This block command has been made through the Restrict-MDEDomain-entityTrigger. Ran on URL Entity from Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}",
"description": "This block command has been made through the Restrict-MDEDomain-entityTrigger. Ran on URL Entity from Microsoft Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}",
"expirationTime": "@{addDays(utcNow(), 90)}",
"indicatorType": "DomainName",
"indicatorValue": "@{triggerBody()?['Entity']?['properties']?['DomainName']}",
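Review bot: Same mismatch as in the `@@ -5910` hunk: the + line says "Ran on URL Entity" while `indicatorType` is `"DomainName"` and `indicatorValue` comes from `['DomainName']`. Fix the wording here as well so the standalone playbook and the packaged copy stay identical after the correction.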
Expand Up @@ -112,7 +112,7 @@
"body": {
"action": "AlertAndBlock",
"application": "Microsoft Sentinel",
"description": "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Sentinel Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. Properties: @{triggerBody()?['Entity']?['properties']}",
"description": "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Microsoft Sentinel Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. Properties: @{triggerBody()?['Entity']?['properties']}",
"expirationTime": "@{addDays(utcNow(), 90)}",
"indicatorType": "IpAddress",
"indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Address']}",
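Review bot: Not introduced by this hunk but worth raising while the line is under edit: the description embeds the whole `@{triggerBody()?['Entity']?['properties']}` object, so whatever the entity carried is copied verbatim into the MDE indicator description. The address is already sent as `indicatorValue`; limiting the description to the fixed text, the incident ARM ID and `['Address']` keeps the indicator description predictable in size and content and avoids pushing unrelated entity fields into Defender.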
Expand Up @@ -115,7 +115,7 @@
"body": {
"action": "AlertAndBlock",
"application": "Microsoft Sentinel",
"description": "This block command has been made through the Restrict-MDEUrl-entityTrigger. Ran on URL Entity from Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}",
"description": "This block command has been made through the Restrict-MDEUrl-entityTrigger. Ran on URL Entity from Microsoft Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}",
"expirationTime": "@{addDays(utcNow(), 90)}",
"indicatorType": "Url",
"indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Url']}",