How to use a Logic app or Function app to apply a PowerShell script to connect into a Fortigate firewall and apply an IP address to a blocked list.

Christopher Gray 41 Reputation points
2022-07-06T23:10:39.793+00:00

I am using Azure Sentinel with the Fortigate firewall connector to receive CEF logs and filter whenever our firewall detects a failed "SSL-VPN-Login".

I created an Analytic rule that runs the KQL query,
//Query Failed VPN Logins
CommonSecurityLog
| where DeviceAction has "ssl-login-fail"

And I see the CEF logs.

At this point I am using Microsoft Sentinel | Automation and I created a "Playbook with Alert trigger" using the Connector "Microsoft Sentinel Alert (Preview)" to send an email with some details from the CEF log including,
Destination IP
Destination Host Name
Time Generated

What I'd like it to do before it sends the email, is to use PowerShell Operations to apply a script or invoke an SSH command to log into the Fortigate Firewall and add the Destination IP to our blocked IPs list in the Fortigate Firewall.

I cannot find any PowerShell operations or SSH operations that will allow me to do this.

Any help on this would be appreciated,

Thanks.


Accepted answer
  1. Kamlesh Kumar 3,861 Reputation points
    2022-07-07T01:51:59.067+00:00

    Hi @Christopher Gray ,

    Welcome to Microsoft Q&A Platform. Thank you for the question.

    You can use Azure Automation and create a Runbook and then run the created Azure Automation from Logic Apps.

    Kindly refer to the below threads to get some help,

    Regards,
    Kamlesh Kumar
    BizTalk Techie
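
A sketch of the kind of Azure Automation runbook the accepted answer points to, added here as an example and not code from the thread or from Microsoft or Fortinet. It uses the FortiOS REST API with an API token rather than SSH, and it refuses to block private, reserved or exempt addresses so that a bad field mapping in the playbook cannot lock out your own gateway. The Automation variable names, the group name, the exempt list and the endpoint paths are assumptions to check against your FortiOS version's API reference.

```powershell
# Added example runbook (not from the thread). Automation variable names, the
# group name and the never-block list are hypothetical placeholders.
param(
    [Parameter(Mandatory)][string]$IpAddress,
    [string]$BlockGroup = 'Sentinel-Blocked'   # existing address group used by a deny policy (assumed)
)
$ErrorActionPreference = 'Stop'

# Addresses automation must never block, e.g. your own VPN gateway (constructed values).
$NeverBlock = @('203.0.113.10', '203.0.113.11')

function Test-BlockableIp {
    param([string]$Ip, [string[]]$Exempt)
    $addr = $null
    if (-not [System.Net.IPAddress]::TryParse($Ip, [ref]$addr)) { return $false }
    # Require canonical dotted-quad IPv4 so inputs like "1" or "010.1.1.1" are rejected.
    if ($addr.AddressFamily -ne 'InterNetwork' -or $addr.ToString() -ne $Ip) { return $false }
    $b = $addr.GetAddressBytes()
    $internal = ($b[0] -in 0, 10, 127) -or ($b[0] -ge 224) -or
                ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                ($b[0] -eq 192 -and $b[1] -eq 168) -or
                ($b[0] -eq 169 -and $b[1] -eq 254)
    return (-not $internal) -and ($Ip -notin $Exempt)
}

if (-not (Test-BlockableIp -Ip $IpAddress -Exempt $NeverBlock)) {
    throw "Refusing to block '$IpAddress': not a public IPv4 address, or on the exempt list."
}

# Secrets come from Automation assets, never from the alert payload or the script body.
$fgtHost = Get-AutomationVariable -Name 'FortiGateHost'       # hypothetical asset name
$token   = Get-AutomationVariable -Name 'FortiGateApiToken'   # encrypted variable (assumed)
$headers = @{ Authorization = "Bearer $token" }
$base    = "https://$fgtHost/api/v2/cmdb/firewall"            # assumed FortiOS REST path
$name    = "sentinel-block-$IpAddress"

# 1) Create a host address object. 2) Add it to the group the deny policy references.
$addrBody = @{ name = $name; subnet = "$IpAddress 255.255.255.255"; comment = 'Added by Sentinel playbook' } | ConvertTo-Json
Invoke-RestMethod -Method Post -Uri "$base/address" -Headers $headers -ContentType 'application/json' -Body $addrBody | Out-Null
$memberBody = @{ name = $name } | ConvertTo-Json
Invoke-RestMethod -Method Post -Uri "$base/addrgrp/$BlockGroup/member" -Headers $headers -ContentType 'application/json' -Body $memberBody | Out-Null

Write-Output "Blocked $IpAddress via group '$BlockGroup' on $fgtHost"
```

Scope the FortiGate API token to an admin profile that can only edit firewall address objects, and restrict its trusted hosts to the addresses the runbook runs from.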
