After creating the playbook, it's essential to assign the appropriate privileges. To enable a playbook to execute commands in the Microsoft Sentinel, assign it the Microsoft Sentinel responder role, granting specific actions within the platform. These actions include incident creation, updates, comment addition, and automation workflow execution.
This practice streamlines your incident response, ensuring efficiency and adherence to the principles of security and least privilege.
Assign Microsoft Sentinel Responder Role to the Playbook
Navigate to the "resource groups" for "SEC-Monitoring".
- Click on "Access control (IAM)" under Overview at the left side bar.
- Click on "Add". Then, "Add role assignment".
- On the Search bar, search for "Microsoft Sentinel".
- Select "Microsoft Sentinel Responder".
- Click on "Next".
- Select "Managed identity".
- Click on "Select members".
- Click on "Managed identity". Then select "Logic app".
- Select "ChatGPT-Incident-Enrichment".
- Click on "Select".
- Click on "Next".
- Click "Review + assign".
- Successfully Assign Microsoft Sentinel Responder Role to the Playbook.
Assign Appropriate Permissions to the Playbook
After creating the playbook, it's essential to assign the appropriate privileges. To enable a playbook to execute commands in the Microsoft Sentinel, assign it the Microsoft Sentinel responder role, granting specific actions within the platform. These actions include incident creation, updates, comment addition, and automation workflow execution.
This practice streamlines your incident response, ensuring efficiency and adherence to the principles of security and least privilege.
Assign Microsoft Sentinel Responder Role to the Playbook
- Click on "Access control (IAM)" under Overview at the left side bar.
- Click on "Add". Then, "Add role assignment".
- On the Search bar, search for "Microsoft Sentinel". - Select "Microsoft Sentinel Responder". - Click on "Next".
- Select "Managed identity". - Click on "Select members". - Click on "Managed identity". Then select "Logic app". - Select "ChatGPT-Incident-Enrichment". - Click on "Select". - Click on "Next".
- Click "Review + assign".
- Successfully Assign Microsoft Sentinel Responder Role to the Playbook.