
Microsoft Sentinel Security Playbooks
Sample Security Playbooks for SOAR Automation
This repository contains sample security playbooks designed for security automation, orchestration, and response (SOAR). Each folder includes a security playbook ARM template that utilizes a Microsoft Sentinel trigger.
Instructions for deploying a custom template:
After selecting a playbook in the Azure portal:
1. Search for "deploy a custom template."
2. Click on "build your own template in the editor."
3. Paste the contents from the GitHub playbook.
4. Click "Save."
5. Fill in the required data and click "Purchase."
Once the deployment is complete, you will need to authorize each connection:
1. Click on the Microsoft Sentinel connection resource.
2. Click "edit API connection."
3. Click "Authorize."
4. Click "Save."
5. Repeat these steps for any other connections as needed.
For Azure Log Analytics Data Collection
To use the Azure Log Analytics Data Collector connector, you will need to provide the workspace ID and the workspace key. Once those are in place, you can edit the playbook in Logic Apps.
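As an added example (not code from this repository), the same deployment and connection-authorization check done from PowerShell with the Az module instead of portal clicks: it deploys one playbook template, supplies the workspace ID and key that the Log Analytics Data Collector needs, and then lists which API connections are still unauthorized. The resource group, workspace, file and parameter names are assumed placeholders; adjust them to the template you deploy.

```powershell
# Added example, not from the repository: deploy one playbook ARM template with the
# Az PowerShell module, then report which API connections still need authorization.
# Assumes Az.Resources and Az.OperationalInsights are installed and Connect-AzAccount
# has already been run. Resource group, workspace and file names are placeholders.
param(
    [string]$ResourceGroup = 'rg-sentinel-soc',      # placeholder
    [string]$WorkspaceName = 'law-sentinel-soc',     # placeholder
    [string]$TemplateFile  = '.\azuredeploy.json',   # playbook template copied from the repo
    [string]$PlaybookName  = 'Sample-Playbook'       # placeholder
)

# Workspace ID and shared key are what the Log Analytics Data Collector connector needs.
$ws  = Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup -Name $WorkspaceName
$key = (Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName $ResourceGroup `
            -Name $WorkspaceName).PrimarySharedKey

# Parameter names below are assumptions; match them to the "parameters" section of
# the template you are deploying.
$params = @{
    PlaybookName = $PlaybookName
    WorkspaceId  = $ws.CustomerId
    WorkspaceKey = $key
}

$deployment = New-AzResourceGroupDeployment -ResourceGroupName $ResourceGroup `
    -Name "$PlaybookName-deploy" -TemplateFile $TemplateFile -TemplateParameterObject $params
if ($deployment.ProvisioningState -ne 'Succeeded') {
    throw "Deployment of $PlaybookName ended in state $($deployment.ProvisioningState)"
}

# Each playbook deploys one or more Microsoft.Web/connections resources. Until a
# connection has been authorized in the portal, its status is not 'Connected'.
$connections = Get-AzResource -ResourceGroupName $ResourceGroup `
    -ResourceType 'Microsoft.Web/connections' -ExpandProperties
$pending = foreach ($c in $connections) {
    $status = $c.Properties.statuses | Select-Object -First 1 -ExpandProperty status
    if ($status -ne 'Connected') {
        [pscustomobject]@{ Connection = $c.Name; Status = $status }
    }
}

if ($pending) {
    Write-Host "Connections that still need 'Edit API connection' > 'Authorize' > 'Save':"
    $pending | Format-Table -AutoSize
} else {
    Write-Host 'All API connections in the resource group are authorized.'
}
```

The authorization itself still happens in the portal (the OAuth consent cannot be scripted here); the script only tells you which connections are left.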
Here are the instructions for creating a template from a playbook:
Option 1: Use the Azure Logic App/Playbook ARM Template Generator
1. Download the tool and execute the PowerShell script.
2. Extract the folder and open "Playbook_ARM_Template_Generator.ps1" using either Visual Studio Code, Windows PowerShell, or PowerShell Core.
Note: The script must be run from your local machine, and PowerShell script execution must be allowed on that machine. To do this, run the appropriate execution-policy command before starting the script.