Microsoft Sentinel Security Playbooks is a repository containing sample security playbooks designed for security automation, orchestration and response (SOAR) capabilities. The repository provides ARM templates that integrate with Microsoft Sentinel triggers to enable automated security responses. Each playbook folder contains an ARM template that can be deployed through the Azure portal using custom template deployment. The deployment process involves pasting the GitHub playbook contents into the Azure template editor, configuring required parameters, and authorizing connections after deployment. The playbooks require connection authorization for Microsoft Sentinel and other integrated services. For Azure Log Analytics Data Collector connections, users must provide workspace ID and key credentials. Once deployed and authorized, the playbooks can be edited and customized using Azure Logic Apps. The repository includes tools for creating custom playbooks, including an Azure Logic App/Playbook ARM Template Generator. This PowerShell-based tool allows users to generate ARM templates from existing Logic Apps, requiring PowerShell script execution permissions on the user's machine.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.
Fast Intercept is a security automation platform that empowers users to maximize their existing security products and automate routine tasks.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.
Shuffle is a platform for automating security workflows with confidence, offering templates, collaboration tools, and a large app library.
A community-driven repository and development framework for creating custom automation activities within the Ayehu NG IT orchestration platform.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.