File tree
2,035 files changed, +0 -167628 lines changed
- Playbooks
- .template
- alert-trigger
- images
- incident-trigger
- images
- 2S-Sentinel2MISP
- MISP-Forwarder
- MISP-Orchestrator
- AD4IoT-AutoCloseIncidents
- images
- AD4IoT-MailbyProductionLine
- images
- AD4IoT-NewAssetServiceNowTicket
- images
- AD4IoT-TritonDetectionAndResponse
- ADX-Health-Playbook
- images
- AS-AI-Commandline-Analysis
- Images
- AS-Add-Azure-AD-User-Job-Title-to-Incident
- Images
- AS-Add-Machine-Logon-Users-to-Incident
- Images
- AS-Azure-AD-Disable-User
- Images
- AS-Azure-AD-Enable-User
- Images
- AS-Azure-AD-Group
- Images
- AS-Blob-Storage-Add-Domains-to-Zscaler-URL-Category
- Images
- AS-Block-GitHub-User
- CreateJWT-Function
- Encode-Private-Key
- Images
- AS-Block-Hash-in-Defender
- Images
- AS-Clear-Okta-Network-Zone-List
- Images
- AS-Compromised-Machine-Tagging
- Images
- AS-Create-Opsgenie-Incident
- Images
- AS-Delete-App-Registration
- Images
- AS-Disable-Microsoft-Entra-ID-User-From-Entity
- Images
- AS-Edgescan-Integration
- AS-Edgescan-Integration-Assets
- AS-Edgescan-Integration-Hosts
- AS-Edgescan-Integration-Vulnerabilities
- Images
- AS-Enable-Microsoft-Entra-ID-User-From-Entity
- Images
- AS-IAM-Entra-ID-Master-Playbook
- AS-IP-Blocklist-HTTP
- Images
- AS-Microsoft-Entra-ID-Revoke-User-Sessions-HTTP
- Images
- Images
- AS-IAM-Master-Playbook
- AS-IP-Blocklist-HTTP
- Images
- AS-Microsoft-Entra-ID-Revoke-User-Sessions-HTTP
- Images
- AS-Okta-NetworkZoneUpdate-HTTP
- Images
- AS-Okta-Terminate-User-Sessions-HTTP
- Images
- Images
- AS-IP-Blocklist-Remove-IPs
- Images
- AS-IP-Blocklist
- Images
- AS-Import-Azure-AD-Group-Users-to-MS-Watchlist
- Images
- AS-Incident-Host-Exposure-Level
- Images
- AS-Incident-IP-Matched-on-Watchlist
- Images
- AS-Incident-Response-Approval-Email
- Images
- AS-Incident-Spiderfoot-Scan
- Images
- AS-MDE-Isolate-Machine
- Images
- AS-MDE-Unisolate-Machine
- Images
- AS-Make-GitHub-Repository-Private
- CreateJWT-Function
- Encode-Private-Key
- Images
- AS-Microsoft-DCR-Log-Ingestion
- Images
- Samples
- Scripts
- AS-Okta-NetworkZoneUpdate
- Images
- AS-PagerDuty-Integration
- Images
- AS-Recurring-Host-Entity
- Images
- AS-Remove-Domains-from-Zscaler-URL-Category
- Images
- AS-Revoke-Azure-AD-User-Session-From-Entity
- Images
- AS-Revoke-Azure-AD-User-Session-From-Incident
- Images
- AS-Sign-Out-Google-User
- CreateGoogleJWT
- Images
- AS-Slack-Integration
- Images
- AS-Terminate-Okta-User-Session-From-Entity
- Images
- AS-Update-Okta-Network-Zone-From-Entity
- Images
- Add-IP-Entity-To-NSG
- images
- Add-IP-Entity-To-Named-Location
- images
- Affected-Key-Credentials-CVE-2021-42306
- images
- Aggregate-SNOW-tickets
- AutoConnect-ASCSubscriptions
- AzureMonitor-ManagedId
- Block-AADUserOrAdmin
- alert-trigger
- images
- images
- incident-trigger
- images
- Block-ExchangeIP
- Screenshots
- Block-IPs-on-MDATP-Using-GraphSecurity
- Block-OnPremADUser
- images
- Change-Incident-Severity
- alert-trigger
- images
- incident-trigger
- images
- CiscoASA
- CiscoASA-AddIPtoNetworkObjectGroup
- images
- CiscoASA-CreateACEInACL
- images
- CiscoASA-CreateInboundAccessRuleOnInterface
- images
- CustomConnector
- Images
- Close-Incident-MCAS
- media
- Close-SentinelIncident-fromSNOW
- Graphics
- Comment-OriginAlertURL
- Comment-RemediationSteps
- images
- Create Incidents From Http
- Create Incidents with Email
- Create-AzureDevOpsTask
- alert-trigger
- images
- incident-trigger
- images
- Create-AzureSnapshot
- Create-IBMResilientIncident
- alert-trigger
- images
- customConnector
- incident-trigger
- images
- Create-Incident-on-missing-Data-Source
- images
- Create-Zendesk-Ticket
- images
- CrowdStrike
- Playbooks/CrowdStrike_ResponsefromTeams
- CybleLogicApp
- Images
- Dismiss_Upstream_Events
- Dynamic-Summaries-API-Upsert
- Enrich-AzureResourceGraph-Incident
- images
- Enrich-AzureResourceGraph
- images
- Enrich-CIRCL-hashlookup
- CustomConnector
- Playbook
- images
- Enrich-Intezer-Analyze
- CustomConnector
- Playbook
- images
- Enrich-MalwareBazaar
- CustomConnector
- Playbook
- images
- Enrich-Sentinel-Incident-AlienVault-OTX
- images
- Enrich-SentinelIncident-GreyNoise-IP
- Images
- Enrich-SentinelIncident-GreyNoiseCommunity-IP
- Images
- Enrich-SentinelIncident-MDATPTVM
- Export-Incidents-With-Comments
- Export-Report-CSV
- F5BigIP
- Playbooks
- BasePlaybook-F5BigIP
- Images
- BlockIP-F5BigIP
- Images
- BlockURL-F5BigIP
- Images
- EnrichmentIP-F5BigIP
- Images
- ForcepointNGFW
- Connector/ForcepointSMCApiConnector
- Playbooks
- BlockIP-ForcepointNGFW
- Images
- BlockIPbyUsername-ForcepointNGFW
- Images
- BlockURL-ForcepointNGFW
- Images
- Enrichment-IP-ForcepointNGFW
- Images
- Enrichment-URL-ForcepointNGFW
- Images
- FirewallImages
- ResponseOnTeamsBlockIP-ForcepointNGFW
- Images
- Fortinet-FortiGate
- CustomConnector
- FunctionApp
- Playbooks
- Fortinet_IncidentEnrichment
- Fortinet_ResponseOnIP
- Fortinet_ResponseOnURL
- Get-AD4IoTDeviceCVEs
- alert-trigger
- images
- incident-trigger
- images
- Get-ASCRecommendations
- alert-trigger
- images
- incident-trigger
- images
- Get-AlertEntitiesEnrichment
- Get-AlienVault_OTX
- Get-CompromisedPasswords
- media
- Get-GeoFromIPandTagIncident-EmailAlertBasedonGeo
- Get-GeoFromIpAndTagIncident
- alert-trigger
- images
- customConnector
- incident-trigger
- images
- Get-MDATPVulnerabilities
- Get-MDEFileActivityWithin30Mins
- Get-MDEInvestigationPackage
- alert-trigger
- images
- entity-trigger
- images
- incident-trigger
- images
- Get-MDEProcessActivityWithin30Mins
- Get-MDEStatistics
- alert-trigger
- images
- incident-trigger
- images
- Get-MachineData-EDR-SOAR-ActionsOnMachine
- Get-MerakiData-ConfigurationChanges
- Get-MerakiData-OrgSecurityEvents
- Get-Microsoft-Covid19-Indicators
- Get-O365Data
- Get-Recipients-EmailMessageID-containing-URL
- Get-SOCActions
- Get-SOCTasks
- images
- Get-SentinelAlertsEvidence
- alert-trigger
- images
- incident-trigger
- Get-TenableVlun
- Get-VTURLPositivesComment
- Guardicore-Import-Assets
- Images
- Guardicore-Import-Incidents
- Images
- Guardicore-ThreatIntel
- Images
- HaveIBeenPwned-Email
- HaveIBeenPwned
- HaveIBeenPwnedCustomConnector
- Playbooks
- HaveIBeenPwned_Enrichment_GetAccountBreaches
- Images
- HaveIBeenPwned_Enrichment_GetSiteBreaches
- Images
- HaveIBeenPwned_ResponseOnTeams
- Images
- HaveIBeenPwned_SendEmail
- Images
- IdentityProtection-EmailResponse
- images
- IdentityProtection-TeamsBotResponse
- images
- Incident-Email-Notification
- Incident-Status-Sync-To-WDATP
- Graphics
- IncidentUpdate -Get-SentinelAlertsEvidence
- Ingest-CanaryTokens
- Detections
- Ingest-Prisma
- Isolate-AzureStorageAccount
- Isolate-AzureVMtoNSG
- M365-Security-Posture
- MDTI-Actor-Lookup
- Netskope/Add-Url-to-netskope-url-list
- images
- Notify-ASCAlertAzureResource
- OktaRawLog
- Open-ServiceDeskPlusOnDemand-Ticket
- PaloAlto-PAN-OS
- PaloAltoCustomConnector
- Playbooks
- PaloAlto-PAN-OS-BlockIP
- images
- PaloAlto-PAN-OS-BlockURL
- images
- PaloAlto-PAN-OS-GetSystemInfo
- PaloAlto-PAN-OS-GetThreatPCAP
- PaloAlto-PAN-OS-GetURLCategoryInfo
- PaloAlto-Wildfire
- Connectors/WildFireConnector
- Playbooks
- Block-URL-From-Teams
- Images
- Block-URL
- Images
- FileHash-Enrichment
- Images
- Post-Tags-And-Comments-To-Your-IntSights-Account
- Put-MDEAlert-Hunting-GitHub
- Media
- QuickStart-SentinelTriggers
- alert-trigger
- images
- incident-trigger
- images
- RecordedFuture-Block-IPs-and-Domains-on-Microsoft-Defender-for-Endpoint
- RecordedFuture_IP_SCF
- Remove-MDEAppExecution
- alert-trigger
- images
- incident-trigger
- images
- Reopen-Incdient-With-Incomplete-Tasks
- incident-trigger
- images
- Resolve-McasInfrequentCountryAlerts
- Run-AzureVMPacketCapture
- Run-Notebook-After-Incident-Creation
- Save-NamedLocations
- Send-AnalyticalRulesHealthNotifications
- images
- Send-AzCommunicationsSMSMessage
- alert-trigger
- images
- images
- incident-trigger
- images
- Send-ConnectorHealthStatus
- images
- Send-IngestionCostAlert
- images
- Send-IngestionCostAnomalyAlert
- images
- Send-Slack-Message-Webhook
- incident-trigger
- images
- Send-UnhealthyAzureArcResourceAlert
- images
- Send-UrlReport
- Spur-Enrichment
- AlertTrigger
- IncidentTrigger
- static
- Start-MDEAutomatedInvestigation
- alert-trigger
- images
- incident-trigger
- images
- Sync-IncidentCommentToM365DOnUpdate
- images
- Sync-Sentinel-Incident-Comments-To-M365Defender
- images
- ThinkstCanary-Alert-Ingestion
- Update-BulkIncidents
- images
- Update-CVE-IPs-WatchListwithGreyNoise
- images
- Update-NamedLocations-TOR
- media
- Update-VIPUsers-Watchlist-from-AzureAD-Group
- images
- Update-Watchlist-With-NamedLocation
- Watchlist-SendSQLData-Watchlist
- images
- Zscaler-add-Domains-to-URL-Category
- Images
- Zscaler
- Add-IP-To-Category
- images
- Images
- Url-Category-Lookup
- images
- [Deprecated]Move-LogAnalytics-to-Storage
This file was deleted.
Binary file not shown.