Issue with deploying 100 ASIM rules playbook #350

Closed
jusso-dev opened this issue Sep 28, 2023 · 2 comments

@jusso-dev

Hey all,

Trying to deploy the rules you provided here - https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fsoc.cyber.wa.gov.au%2Fonboarding%2Fwasoc-sentinel-rules-deployment.json - but the ARM template just failed over and over again.

I suspect it's related to this issue - Azure/Azure-Sentinel#8623

Are you seeing this happen on your end?

@adonm
Member

adonm commented Oct 30, 2023

Hi jusso, yep I believe the issue you linked will mean there are some failures depending on the ASIM state in the target tenant. We are currently re-architecting our standard rules to utilise https://learn.microsoft.com/en-us/azure/sentinel/ci-cd?tabs=github and once tested will switch our guidance over to using that process - will link this issue to the appropriate merge once we complete the change.

@adonm
Member

adonm commented Feb 5, 2024

Hi @jusso-dev,

We have adjusted our docs to follow the content hub approach for deployment in the interim, see https://soc.cyber.wa.gov.au/baselines/data-sources/#51-improving-microsoft-sentinel-detection-coverage

Kind Regards,
Adon

@adonm adonm closed this as completed Feb 5, 2024