Commit 2c6e8ced: Multiple changes

- Check output
- Updated list generation
- Started subdomain takeover check module
This commit is contained in:
Jurjen Ladenius
2021-08-12 10:46:04 +02:00
parent 2c6e8cede3
commit 1a3bc1370e
39 changed files with 4879 additions and 85 deletions


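--- /dev/null
+++ b/PLACEHOLDER_PATH_1
@@ -0,0 +1,38 @@
+{
+"@context": "http://schema.org/extensions",
+"@type": "MessageCard",
+"themeColor": "CC4216",
+"title": "#alertrulename",
+"text": "#alertrulename returned #searchresultcount records which exceeds the threshold of #thresholdvalue .",
+"summary": "Query: #searchquery",
+"potentialAction": [{
+"@type": "OpenUri",
+"name": "See details in Log Analytics",
+"targets": [{
+"os": "default",
+"uri": "#linktosearchresults"
+}]
+}],
+"sections": [{
+"facts": [{
+"name": "Severity:",
+"value": "#severity"
+},
+{
+"name": "Query:",
+"value": "#searchquery"
+},
+{
+"name": "ResultCount:",
+"value": "#searchresultcount"
+},
+{
+"name": "Search Interval StartTime:",
+"value": "#searchintervalstarttimeutc"
+},
+{
+"name": "Search Interval End time:",
+"value": "#searchintervalendtimeutc"
+}]
+}]
+}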
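Review bot: The `#searchquery` token is substituted verbatim into the `summary` string and the `Query:` fact (L22, L38); unless the alert substitution JSON-escapes the query text, any KQL query containing a double quote or backslash yields an invalid payload that the receiving webhook will reject, so this is worth confirming against the custom-payload documentation and recording in the repo's README as a known limitation (JSON itself has no place for such a note). The `#…` placeholders are the legacy Log Analytics alert tokens and presumably do not apply to alerts emitted with the common alert schema, which the adaptive-card templates elsewhere in this commit appear to cover. Minor: the user-facing `text` on L21 has a stray space before the full stop in `#thresholdvalue .`.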


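--- /dev/null
+++ b/PLACEHOLDER_PATH_2
@@ -0,0 +1,57 @@
+{
+"$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
+"type": "AdaptiveCard",
+"version": "1.0",
+"msTeams": {
+"width": "full"
+},
+"fallbackText": "rul@{triggerBody()?['data']?['essentials']?['alertRule']} - @{triggerBody()?['data']?['essentials']?['description']}",
+"body": [
+{
+"type": "TextBlock",
+"text": "Azure Security Center Alert",
+"weight": "bolder",
+"size": "large",
+"id": "acTitle"
+},
+{
+"type": "TextBlock",
+"text": "@{triggerBody()?['data']?['essentials']?['alertRule']}",
+"weight": "Bolder",
+"wrap": true,
+"id": "acSubHeader"
+},
+{
+"type": "TextBlock",
+"text": "@{triggerBody()?['data']?['essentials']?['description']}",
+"wrap": true,
+"id": "acDescriptionArea"
+},
+{
+"type": "FactSet",
+"facts": [
+{
+"title": "Severity:",
+"value": "@{triggerBody()?['data']?['essentials']?['severity']}"
+},
+{
+"title": "Detection time:",
+"value": "@{triggerBody()?['data']?['essentials']?['firedDateTime']}"
+},
+{
+"title": "Alert Id:",
+"value": "@{triggerBody()?['data']?['essentials']?['alertId']}"
+}
+],
+"id": "acFactSet"
+}
+],
+"actions": [
+{
+"type": "Action.OpenUrl",
+"title": "See details in @{triggerBody()?['data']?['essentials']?['monitoringService']}",
+"url": "@{if(contains(createArray('Log Analytics', 'Application Insights', 'Log Alerts V2'), triggerBody()?['data']?['essentials']?['monitoringService']), triggerBody()?['data']?['alertContext']?['LinkToSearchResults'], 'https://portal.azure.com')}"
+}
+]
+}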
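Review bot: `fallbackText` on L65 starts with the literal prefix `rul` before the first expression, which looks like an editing leftover; clients that cannot render the card would show `rul<alertRule> - <description>`, so the value should be `"fallbackText": "@{triggerBody()?['data']?['essentials']?['alertRule']} - @{triggerBody()?['data']?['essentials']?['description']}"`. The `weight` value is spelled `bolder` on L70 and `Bolder` on L77; renderers accept either, but one spelling should be used across the templates. The OpenUrl target on L110 only uses `LinkToSearchResults` for the three listed monitoring services and otherwise falls back to the generic portal URL, so alerts from any other service (including Security Center alerts routed through this schema) get no deep link — if that is intended it deserves a line in the README. The hunk header says 57 lines were added but the rendered page shows 56, so a trailing line may have been dropped in rendering.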


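--- /dev/null
+++ b/PLACEHOLDER_PATH_3
@@ -0,0 +1,64 @@
+{
+"$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
+"type": "AdaptiveCard",
+"version": "1.0",
+"msTeams": {
+"width": "full"
+},
+"fallbackText": "@{triggerBody()?['AlertDisplayName']} - @{triggerBody()?['Description']}",
+"body": [
+{
+"type": "TextBlock",
+"text": "Azure Security Center Alert",
+"weight": "bolder",
+"size": "large",
+"id": "acTitle"
+},
+{
+"type": "TextBlock",
+"text": "@{triggerBody()?['AlertDisplayName']}",
+"weight": "Bolder",
+"wrap": true,
+"id": "acSubHeader"
+},
+{
+"type": "TextBlock",
+"text": "@{triggerBody()?['Description']}",
+"wrap": true,
+"id": "acDescriptionArea"
+},
+{
+"type": "FactSet",
+"facts": [
+{
+"title": "Severity:",
+"value": "@{triggerBody()?['Severity']}"
+},
+{
+"title": "Attacked resource:",
+"value": "@{triggerBody()?['CompromisedEntity']}"
+},
+{
+"title": "Detected by:",
+"value": "@{triggerBody()?['VendorName']} - @{triggerBody()?['ProductName']}"
+},
+{
+"title": "Detection time:",
+"value": "@{triggerBody()?['TimeGenerated']}"
+},
+{
+"title": "Alert Id:",
+"value": "@{triggerBody()?['SystemAlertId']}"
+}
+],
+"id": "acFactSet"
+}
+],
+"actions": [
+{
+"type": "Action.OpenUrl",
+"title": "See details in Securtity Center",
+"url": "@{triggerBody()?['AlertUri']}"
+}
+]
+}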
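Review bot: The action title on L177 misspells the product name as `Securtity Center`; it should read `"title": "See details in Security Center"`. Separately, `Description` and `CompromisedEntity` (L143, L156) are rendered straight into TextBlock and FactSet values, and Adaptive Cards interpret a markdown subset in those fields; Security Center alert descriptions routinely carry strings chosen by the party that triggered the alert (process names, account names, resource names), so markdown in such a value will render as formatting or a clickable link in the channel rather than as literal text. That is a rendering property of the card format rather than something this template can switch off, so it is worth noting in the README for analysts reading the channel. The `weight` spelling differs between L130 (`bolder`) and L137 (`Bolder`), as in the sibling template.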


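--- /dev/null
+++ b/PLACEHOLDER_PATH_4
@@ -0,0 +1,66 @@
+{
+"$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
+"type": "AdaptiveCard",
+"version": "1.0",
+"msTeams": {
+"width": "full"
+},
+"fallbackText": "@{triggerBody()?['properties']?['displayName']}",
+"body": [
+{
+"type": "TextBlock",
+"text": "Azure Security Center Recommendation",
+"weight": "bolder",
+"size": "large",
+"id": "acTitle"
+},
+{
+"type": "TextBlock",
+"text": "@{triggerBody()?['properties']?['displayName']}",
+"weight": "Bolder",
+"wrap": true,
+"id": "acSubHeader"
+},
+{
+"type": "TextBlock",
+"text": "@{triggerBody()?['properties']?['metadata']?['description']}",
+"wrap": true,
+"id": "acDescriptionArea"
+},
+{
+"type": "TextBlock",
+"text": "@{triggerBody()?['properties']?['metadata']?['remediationDescription']}",
+"wrap": true,
+"id": "acDescriptionArea"
+},
+{
+"type": "FactSet",
+"facts": [
+{
+"title": "Severity:",
+"value": "@{triggerBody()?['properties']?['metadata']?['severity']}"
+},
+{
+"title": "Status:",
+"value": "@{triggerBody()?['properties']?['status']?['description']}"
+},
+{
+"title": "Source:",
+"value": "@{triggerBody()?['properties']?['resourceDetails']?['source']}"
+},
+{
+"title": "Id:",
+"value": "@{triggerBody()?['properties']?['resourceDetails']?['id']}"
+}
+],
+"id": "acFactSet"
+}
+],
+"actions": [
+{
+"type": "Action.OpenUrl",
+"title": "See details in Azure Portal",
+"url": "@{triggerBody()?['properties']?['links']?['azurePortalUri']}"
+}
+]
+}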
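Review bot: Two body elements carry the same `"id": "acDescriptionArea"` (L213 and L219); element ids in an Adaptive Card are expected to be unique so that actions such as visibility toggles can address one element, and with the duplicate the remediation block cannot be targeted independently. Rename the second element, e.g. `"id": "acRemediationArea"` on L219. The remediation text on L217 is rendered as a TextBlock and therefore subject to the card's markdown interpretation, which is acceptable here since it comes from Security Center metadata rather than from the assessed resource, but the README should say which fields are trusted verbatim.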