articles/defender-for-cloud/quickstart-automation-alert.md
Lines changed: 18 additions & 9 deletions
@@ -3,11 +3,12 @@ title: Create a security automation for specific security alerts by using an Azu
3
3
description: Learn how to create a Microsoft Defender for Cloud automation to trigger a logic app, which will be triggered by specific Defender for Cloud alerts by using an Azure Resource Manager template (ARM template) or Bicep.
4
4
ms.topic: quickstart
5
5
ms.custom: subject-armqs, mode-arm
6
-
ms.date: 08/31/2022
6
+
ms.date: 01/09/2023
7
7
---
8
+
8
9
# Quickstart: Create an automatic response to a specific security alert using an ARM template or Bicep
9
10
10
-
This quickstart describes how to use an Azure Resource Manager template (ARM template) or a Bicep file to create a workflow automation that triggers a logic app when specific security alerts are received by Microsoft Defender for Cloud.
11
+
In this quickstart, you'll learn how to use an Azure Resource Manager template (ARM template) or a Bicep file to create a workflow automation. The workflow automation will trigger a logic app when specific security alerts are received by Microsoft Defender for Cloud.
11
12
12
13
## Prerequisites
13
14
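Review bot: The new intro at line 11 says the workflow automation "will trigger a logic app", while the description at line 3, left unchanged, still reads "to trigger a logic app, which will be triggered by specific Defender for Cloud alerts", so the same fact is now stated three times in the first screen of the article. Since the front matter is already being touched for ms.date, tighten the description in this commit as well, for example "to trigger a logic app when specific Defender for Cloud alerts are received", and consider present tense ("triggers") in the second intro sentence to match the removed wording.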
@@ -64,9 +65,13 @@ For other Defender for Cloud quickstart templates, see these [community contribu
64
65
65
66
Use the Azure portal to check the workflow automation has been deployed.
66
67
67
-
1. From the [Azure portal](https://portal.azure.com), open **Microsoft Defender for Cloud**.
68
+
1. Sign in to the [Azure portal](https://portal.azure.com).
69
+
70
+
1. Search for and select **Microsoft Defender for Cloud**.
71
+
72
+
1. Select **filter**.
68
73
69
-
1.From the top menu bar, select the filter icon, and select the specific subscription on which you deployed the new workflow automation.
74
+
1.Select the specific subscription on which you deployed the new workflow automation.
70
75
71
76
1. From Microsoft Defender for Cloud's menu, open **workflow automation** and check for your new automation.
72
77
:::image type="content" source="./media/quickstart-automation-alert/validating-template-run.png" alt-text="List of configured automations." lightbox="./media/quickstart-automation-alert/validating-template-run.png":::
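Review bot: The added step at line 74, "1.Select the specific subscription…", has no space after "1.", so Markdown will not treat it as a list item and it will run into the preceding step; the removed line had the same defect, and this rewrite is the place to fix it. Separately, the new step "Select **filter**" drops the location hint the old text gave ("From the top menu bar, select the filter icon") and bolds "filter" as if it were a labelled control; if it is an icon, keep the wording "select the filter icon" so readers can find it when validating that the automation deployed to the intended subscription.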
@@ -78,9 +83,13 @@ Use the Azure portal to check the workflow automation has been deployed.
78
83
79
84
When no longer needed, delete the workflow automation using the Azure portal.
80
85
81
-
1. From the [Azure portal](https://portal.azure.com), open **Microsoft Defender for Cloud**.
86
+
1. Sign in to the [Azure portal](https://portal.azure.com).
87
+
88
+
1. Search for and select **Microsoft Defender for Cloud**.
89
+
90
+
1. Select **filter**.
82
91
83
-
1.From the top menu bar, select the filter icon, and select the specific subscription on which you deployed the new workflow automation.
92
+
1.Select the specific subscription on which you deployed the new workflow automation.
84
93
85
94
1. From Microsoft Defender for Cloud's menu, open **workflow automation** and find the automation to be deleted.
86
95
:::image type="content" source="./media/quickstart-automation-alert/deleting-workflow-automation.png" alt-text="Steps for removing a workflow automation." lightbox="./media/quickstart-automation-alert/deleting-workflow-automation.png":::
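Review bot: Line 92 in the clean-up steps repeats the "1.Select" list marker without a space, so the subscription step will not render as its own numbered item. This matters more here than in the validation section, because the step is what scopes the deletion to the right subscription; add the space, and restore the "top menu bar" and "filter icon" wording at line 90 so the sequence reads the same in both sections.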
@@ -130,9 +139,9 @@ For other Defender for Cloud quickstart templates, see these [community contribu
130
139
131
140
You're required to enter the following parameters:
132
141
133
-
- **automationName**: Replace **\<automation-name\>** with the name of the automation. It has a minimum length of 3 characters and a maximum length of 24 characters.
134
-
- **logicAppName**: Replace **\<logic-name\>** with the name of the logic app. It has a minimum length of 3 characters.
135
-
- **logicAppResourceGroupName**: Replace **\<group-name\>** with the name of the resource group in which the resources are located. It has a minimum length of 3 characters.
142
+
- **automationName**: Replace **\<automation-name\>** with the name of the automation. It has a minimum length of three characters and a maximum length of 24 characters.
143
+
- **logicAppName**: Replace **\<logic-name\>** with the name of the logic app. It has a minimum length of three characters.
144
+
- **logicAppResourceGroupName**: Replace **\<group-name\>** with the name of the resource group in which the resources are located. It has a minimum length of three characters.
136
145
- **alertSettings**: Replace **\{alert-settings\}** with the alert settings object used for deploying the automation.
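Review bot: The automationName bullet at line 142 now mixes styles in one sentence: "a minimum length of three characters and a maximum length of 24 characters". These are parameter constraints that readers compare against the template's validation, so keep numerals for both ("3" and "24"), and for consistency leave the logicAppName and logicAppResourceGroupName minimums as "3" too. The alertSettings bullet still gives no hint of the object's shape; a link or short pointer to where the alert settings object is defined would help here.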