Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/piaudonn/SecurityNotifications

Send security notifications to your users when something important happened on their accounts (such as new MFA methods, atypical travels, TAP usage...).
https://github.com/piaudonn/SecurityNotifications

azure-ad azure-ad-identity-protection log-analytics-workspace security security-automation

Last synced: 5 days ago
JSON representation

Send security notifications to your users when something important happened on their accounts (such as new MFA methods, atypical travels, TAP usage...).

Host: GitHub
URL: https://github.com/piaudonn/SecurityNotifications
Owner: piaudonn
License: mit
Created: 2023-02-21T21:39:18.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2023-04-13T12:02:10.000Z (over 1 year ago)
Last Synced: 2024-08-01T21:56:21.810Z (3 months ago)
Topics: azure-ad, azure-ad-identity-protection, log-analytics-workspace, security, security-automation
Language: PowerShell
Homepage:
Size: 283 KB
Stars: 9
Watchers: 5
Forks: 2
Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

## 👀 Security End-user Notification (SEEN)

### ❓ What is **SEEN**?

**SEEN** allows you to send automatic email notifications to end-users when specific security events are detected on their Azure AD accounts. Events such as:
- a Multi Factor Authentication method was added, updated or removed
- a Temporary Access Pass ([TAP](https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-temporary-access-pass)) was created or used
- an Atypical travel was detected by [Azure AD Identity Protection](https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection)

**SEEN** let you customize the emails sent to inform the users of these events and encourage them to reach out to your security team or support.

**SEEN** is leveraging a combination of Logic Apps to automate the detection of the security events and the notification to end users with many customizable options. **SEEN** read the Azure AD sign-in logs and audit logs from a Log Analytics workspace (`SigninLogs` and `AuditLogs` tables).

### ⚙️ Deployment

The full solution is available for deployment in the [Deployment](/deploy/) section and additional documentation can be found in [Docs](/docs/).

If you have any questions about this project or would like to provide suggestions to the **SEEN** project maintainers please open an [issue](https://github.com/piaudonn/SecurityNotifications/issues/new/choose).