
Initial Commit For Send-Slack-Message-Webhook

Open ZLT-ops opened this issue 3 years ago • 15 comments

Required items, please complete

Change(s):

  • Adding Send-Slack-Message-Webhook Playbook

Reason for Change(s):

  • Adding feature

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

  • Yes

ZLT-ops avatar Feb 23 '22 08:02 ZLT-ops

CLA assistant check
All CLA requirements met.

Hi @ZLT-ops, thanks for this contribution! Is this playbook different than this by allowing the Slack user to interactively respond from Slack? Can you also add a screenshot of what the Slack message looks like?

If you want this playbook to be shared in the playbook templates tab, please also add the metadata and screenshots (the screenshot you shared has an issue in the trigger component): https://github.com/Azure/Azure-Sentinel/tree/master/docs/New%20Playbooks%20Contribution%20Guide

lior-tamir avatar Feb 23 '22 10:02 lior-tamir

Hi @lior-tamir, the difference is that Post-Message-Slack requires you to install the application in Slack with your permissions, and in my case I didn't have one, and the admin that installed the app was not a part of the channel I wanted to send messages to. Our IT department was against adding a Service Account with Slack Owner permissions.

So I searched for a way to make it with a Webhook and didn't find one, so I created this one.

Will add a screenshot of the message.

ZLT-ops avatar Feb 23 '22 16:02 ZLT-ops

@anki-narravula Please review playbooks. Thanks.

v-marimanda avatar Mar 08 '22 07:03 v-marimanda

Please change the action titles in the card:

  1. The card says "close alerts", while you cannot close alerts in Sentinel; you are closing the incidents.
  2. Please change the term "whitelist" to "allow list" or something similar :)

Please fix the screenshots to show the trigger (currently it shows a "connection" error instead of its title). I added some fixes and metadata so we can show this in the playbook templates tab.

lior-tamir avatar Mar 08 '22 09:03 lior-tamir

@ZLT-ops please update the requested changes. thanks!!!

v-marimanda avatar Mar 31 '22 08:03 v-marimanda

@vmanojreddy made the changes

ZLT-ops avatar Mar 31 '22 15:03 ZLT-ops

@anki-narravula Please check and approve the requested changes. thanks!!!

v-marimanda avatar Apr 06 '22 11:04 v-marimanda

@anki-narravula Please check and approve the requested changes. thanks!!!

v-marimanda avatar Apr 25 '22 08:04 v-marimanda

Any updates on the approvals? @vmanojreddy @anki-narravula

ZLT-ops avatar May 16 '22 18:05 ZLT-ops

@anki-narravula Please check and approve the requested changes. thanks!!!

v-marimanda avatar Jun 01 '22 07:06 v-marimanda

@anki-narravula Please check and approve the requested changes. thanks!!!

v-marimanda avatar Jun 23 '22 09:06 v-marimanda

@anki-narravula Please check and approve the requested changes. thanks!!!

v-marimanda avatar Jul 06 '22 05:07 v-marimanda

@anki-narravula : Please check and approve the requested changes. thanks!!!

v-spadarthi avatar Jul 28 '22 01:07 v-spadarthi

@anki-narravula : Please check and approve. thanks!!!

v-spadarthi avatar Aug 17 '22 01:08 v-spadarthi