Microsoft Sentinel Security Playbooks
Microsoft Sentinel Security Playbooks is a repository containing sample security playbooks designed for security automation, orchestration and response (SOAR) capabilities. The repository provides ARM templates that integrate with Microsoft Sentinel triggers to enable automated security responses. Each playbook folder contains an ARM template that can be deployed through the Azure portal using custom template deployment. The deployment process involves pasting the GitHub playbook contents into the Azure template editor, configuring required parameters, and authorizing connections after deployment. The playbooks require connection authorization for Microsoft Sentinel and other integrated services. For Azure Log Analytics Data Collector connections, users must provide workspace ID and key credentials. Once deployed and authorized, the playbooks can be edited and customized using Azure Logic Apps. The repository includes tools for creating custom playbooks, including an Azure Logic App/Playbook ARM Template Generator. This PowerShell-based tool allows users to generate ARM templates from existing Logic Apps, requiring PowerShell script execution permissions on the user's machine.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.
Fast Intercept is a security automation platform that empowers users to maximize their existing security products and automate routine tasks.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.
Shuffle is a platform for automating security workflows with confidence, offering templates, collaboration tools, and a large app library.
A community-driven repository and development framework for creating custom automation activities within the Ayehu NG IT orchestration platform.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.