siscale/azure-sentinel-arcanna-orchestrator

azure-sentinel-arcanna-orchestrator

Quick Deployment

Assign the Microsoft Sentinel Responder role to the playbook's managed identity: go to your Logic App > Identity > Add Azure role assignments > Add Microsoft Sentinel Responder.

Deployment with Arcanna

If the Consumption plan is used, make sure the IP addresses of Logic Apps in that region are accessible. See https://www.microsoft.com/en-us/download/details.aspx?id=56519 and add them to the whitelist.
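One way to build that whitelist from the downloaded service tags file, as an added example that is not part of this repository. It assumes the file's `values[].properties` layout (`systemService`, `region`, `addressPrefixes`); the sample data is constructed and uses documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout of the Azure service tags JSON file.
# Prefixes are documentation ranges, not real Azure addresses.
SAMPLE_SERVICE_TAGS = {
    "cloud": "Public",
    "values": [
        {"name": "LogicApps.WestEurope",
         "properties": {"region": "westeurope", "systemService": "LogicApps",
                        "addressPrefixes": ["192.0.2.0/25", "192.0.2.128/25",
                                            "2001:db8:1::/48"]}},
        {"name": "LogicApps.EastUS",
         "properties": {"region": "eastus", "systemService": "LogicApps",
                        "addressPrefixes": ["198.51.100.0/24"]}},
        {"name": "Storage.WestEurope",
         "properties": {"region": "westeurope", "systemService": "Storage",
                        "addressPrefixes": ["203.0.113.0/24"]}},
    ],
}


def logic_apps_prefixes(service_tags, region):
    """Return the Logic Apps networks for one region, merged and sorted."""
    nets = []
    for tag in service_tags.get("values", []):
        props = tag.get("properties", {})
        if props.get("systemService") != "LogicApps":
            continue  # never whitelist other services' ranges
        if props.get("region", "").lower() != region.lower():
            continue  # keep the whitelist scoped to the playbook's region
        # strict=True rejects entries with host bits set (malformed input).
        nets += [ipaddress.ip_network(p, strict=True)
                 for p in props.get("addressPrefixes", [])]
    if not nets:
        raise ValueError(f"no LogicApps prefixes found for region {region!r}")
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in list(v4) + list(v6)]


def is_allowed(source_ip, prefixes):
    """True if source_ip falls inside one of the whitelisted prefixes."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


if __name__ == "__main__":
    for prefix in logic_apps_prefixes(SAMPLE_SERVICE_TAGS, "westeurope"):
        print(prefix)
```

To use it on the real file, load the download with `json.load` and pass the result in place of `SAMPLE_SERVICE_TAGS`; the file is republished regularly, so regenerate the whitelist when it changes.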
Deploy with incident trigger (recommended)

After deployment, attach this playbook to an automation rule so it runs when the incident is created.

Learn more about automation rules

Arcanna-Orchestrator

  • used to send incidents to Arcanna and await inference results

Deploy to Azure Deploy to Azure Gov

Arcanna Feedback Loop

  • used to automatically propagate feedback to Arcanna once an incident is closed in Sentinel

Deploy to Azure Deploy to Azure Gov
