https://github.com/benjisec/mvpsummit2024
README
# Create an Attack Disruption scenario using Logic Apps
author: Benji Kovacevic & Christos Ventouris (cventour)

This is a sample playbook demonstrating how to create an Attack Disruption scenario using Logic Apps.

# Prerequisites
1. Create an App Registration in the Entra ID portal and save the Tenant ID and Application ID.
2. Create and save a Secret for the App Registration (Note: we always suggest storing the secret in Azure Key Vault.)
3. Assign the AdvancedHunting.Read.All permission to the created App Registration (APIs my organization uses -> Microsoft Threat Protection).
4. Save the Object ID of the SOC group from Entra ID.
5. Create a PAN-OS API key.

# Quick Deployment
Deploy the playbook using one of the buttons below:

[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FBenjiSec%2FMVPSummit2024%2Fmain%2Fazuredeploy.json)
[![Deploy to Azure Gov](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazuregov.png)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FBenjiSec%2FMVPSummit2024%2Fmain%2Fazuredeploy.json)

# Post-deployment
1. Authorize the Microsoft Defender for Endpoint, Entra ID, and Microsoft Outlook connections.

# Note
You can update the Hunting query used in the Parameters section of the Logic App. Note that you will then need to update the Parse JSON action with a new schema based on the Hunting query result, as well as the values taken from the Parse JSON action in the rest of the Logic App.