
AS-PagerDuty-Integration

Author: Accelerynt

For any technical questions, please contact [email protected]

Deploy to Azure Deploy to Azure Gov

This playbook is intended to be run from a Microsoft Sentinel incident. It will create a PagerDuty event with the related Microsoft Sentinel incident and entity information.
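The event the playbook creates is a PagerDuty Events API v2 "trigger" event whose routing key is the integration key configured at deployment. The following Python script is an added example, not the playbook's own Logic App definition: it builds such an event from a constructed Sentinel incident and its entities and can post it to the public Events API v2 endpoint. The Sentinel-to-PagerDuty severity mapping, the entity summarisation, the choice of the incident resource id as `dedup_key`, and the sample incident and entity data are all my assumptions.

```python
"""Build (and optionally send) a PagerDuty Events API v2 trigger event from a
Microsoft Sentinel incident. Added example; the field choices below are
assumptions, not the playbook's own logic."""
import json
import os
import urllib.request

PAGERDUTY_EVENTS_URL = "https://events.pagerduty.com/v2/enqueue"

# Sentinel incident severities -> PagerDuty event severities (assumed mapping).
SEVERITY_MAP = {"High": "critical", "Medium": "error", "Low": "warning", "Informational": "info"}

# Constructed sample of the incident object a Sentinel incident trigger hands a playbook.
SAMPLE_INCIDENT = {
    "id": ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sentinel"
           "/providers/Microsoft.OperationalInsights/workspaces/ws-sentinel"
           "/providers/Microsoft.SecurityInsights/Incidents/11111111-1111-1111-1111-111111111111"),
    "properties": {
        "incidentNumber": 1042,
        "title": "Suspicious sign-in from unfamiliar location",
        "severity": "High",
        "status": "New",
        "incidentUrl": "https://portal.azure.com/#incident-url-placeholder",
    },
}

# Constructed sample entities (TEST-NET address, fictitious account).
SAMPLE_ENTITIES = [
    {"kind": "Account", "properties": {"accountName": "jdoe", "friendlyName": "jdoe"}},
    {"kind": "Ip", "properties": {"address": "203.0.113.7", "friendlyName": "203.0.113.7"}},
]


def map_severity(sentinel_severity):
    """Translate a Sentinel severity into one of PagerDuty's four values."""
    return SEVERITY_MAP.get(sentinel_severity, "warning")


def workspace_from_id(incident_id):
    """Pull the workspace name out of the incident's ARM resource id."""
    marker = "/workspaces/"
    if marker not in incident_id:
        return "microsoft-sentinel"
    return incident_id.split(marker, 1)[1].split("/", 1)[0]


def summarize_entities(entities):
    """Flatten entity objects to 'Kind: value' strings for custom_details."""
    lines = []
    for entity in entities:
        props = entity.get("properties", {})
        value = (props.get("accountName") or props.get("address")
                 or props.get("hostName") or props.get("friendlyName") or "?")
        lines.append(f"{entity.get('kind', 'Unknown')}: {value}")
    return lines


def build_event(routing_key, incident, entities):
    """Return the Events API v2 JSON body for a Sentinel incident."""
    props = incident["properties"]
    summary = f"Sentinel incident #{props.get('incidentNumber')}: {props.get('title', '')}"
    event = {
        "routing_key": routing_key,
        "event_action": "trigger",
        # Using the incident id as dedup_key means a re-run of the playbook
        # updates the existing PagerDuty alert instead of paging again.
        "dedup_key": incident["id"],
        "payload": {
            "summary": summary[:1024],  # Events API v2 caps summary at 1024 chars
            "source": workspace_from_id(incident["id"]),
            "severity": map_severity(props.get("severity")),
            "custom_details": {
                "incident_id": incident["id"],
                "status": props.get("status"),
                "entities": summarize_entities(entities),
            },
        },
    }
    if props.get("incidentUrl"):
        event["links"] = [{"href": props["incidentUrl"], "text": "Open in Microsoft Sentinel"}]
    return event


def send_event(event, url=PAGERDUTY_EVENTS_URL):
    """POST the event and return PagerDuty's decoded JSON response."""
    request = urllib.request.Request(
        url, data=json.dumps(event).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.loads(response.read().decode("utf-8"))


if __name__ == "__main__":
    key = os.environ.get("PAGERDUTY_INTEGRATION_KEY")  # only sends when a real key is set
    built = build_event(key or "constructed-integration-key", SAMPLE_INCIDENT, SAMPLE_ENTITIES)
    print(json.dumps(built, indent=2))
    if key:
        print(send_event(built))
```

Run it without `PAGERDUTY_INTEGRATION_KEY` set to inspect the JSON body offline; set the variable to your integration key to actually enqueue the event. The `dedup_key` is the detail worth carrying into any Logic App you build on this pattern: without it, every automation-rule re-run on the same incident opens a fresh PagerDuty alert.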

PagerDuty_Demo

Requirements

The following items are required under the template settings during deployment:

  • A PagerDuty integration key

Setup

To Create a PagerDuty Integration Key:

Log into your PagerDuty account at https://app.pagerduty.com/. Under the "Services" menu option, select "Service Directory". From the page, click the "New Service" button.

PagerDuty_Create_Integration_Key_1

Add a Name and optional Description like the following:

PagerDuty_Create_Integration_Key_2

Select an escalation policy for your service. In this example, the default is used.

PagerDuty_Create_Integration_Key_3

There may be a step to select a noise reduction option for your service. The "Intelligent" option is recommended.

Finally, select the Microsoft Sentinel option under the Integrations section, then click "Create Service".

PagerDuty_Create_Integration_Key_4

You will be redirected to the service you have created. Under the Integrations tab view, you will find your integration key. This will be needed for the deployment of this playbook.

PagerDuty_Create_Integration_Key_5

Deployment

To configure and deploy this playbook:

Open your browser and ensure you are logged into your Microsoft Sentinel workspace. In a separate tab, open the link to our playbook on the Accelerynt Security GitHub Repository:

https://github.com/Accelerynt-Security/AS-PagerDuty-Integration

Deploy to Azure Deploy to Azure Gov

Click the “Deploy to Azure” button at the bottom and it will bring you to the custom deployment template.

In the Project Details section:

  • From the dropdown boxes, select the “Subscription” and “Resource Group” you would like the playbook deployed to.

In the Instance Details section:

  • Playbook Name: This can be left as “AS-PagerDuty-Integration” or you may change it.

  • Integration Key: Enter the value of the PagerDuty integration key created from the first section.

Towards the bottom, click on “Review + create”.

PagerDuty_Deploy_1

Once the resources have validated, click on "Create".

PagerDuty_Deploy_2

The resources should take around a minute to deploy. Once the deployment is complete, you can expand the "Deployment details" section to view them. Click the one corresponding to the Logic App.

PagerDuty_Deploy_3

Click on the “Edit” button. This will bring us into the Logic Apps Designer.

PagerDuty_Deploy_4

The first step, labeled "Connections", uses a connection created during the deployment of this playbook. Before the playbook can be run, this connection must be authorized in this step, or an existing authorized connection must be selected in its place.

PagerDuty_Deploy_5

To validate the connection created for this playbook, expand the "Connections" step and click the exclamation point icon next to the name matching the playbook.

PagerDuty_Deploy_6

When prompted, sign in to validate the connection.

PagerDuty_Deploy_7

Once the connection step has been updated, click the "Save" button.

PagerDuty_Deploy_8

Running the Playbook

To run this playbook automatically on incidents in Microsoft Sentinel, navigate to "Automation" under "Configuration" in the left-hand menu.

Click the "Create" button and select "Automation Rule" option from the dropdown.

Nav_1

1) Enter a name for the automation rule.

2) Then stipulate the conditions for which you would like a Microsoft Sentinel Incident to be sent to PagerDuty. In the example below, criteria are set so that only incidents with high severity will be sent to PagerDuty.

3) Select the "Run Playbook" option under the "Actions" section.

4) Then select the name of the playbook that was just deployed from this page.

5) Review the default values under the "Rule expiration" and "Order" sections, then click Apply.

Nav_2

Once this saves, your new integration should run automatically.
