Create A Security Automation for a Recommendation
This template deploys an Azure Security Center Automation for a specific Azure Security Center recommendation. An Automation is an Azure resource that triggers a Logic App.
Overview and deployed resources
This is an overview of the solution
The following resources are deployed as part of the solution
Microsoft.Logic Resource provider
The Microsoft.Logic Resource provider is used to create an empty triggerable Logic App.
- Logic App: An empty triggerable Logic App
Microsoft.Security Resource provider
The Microsoft.Security Resource provider (Azure Security Center) is where the Automation that triggers the Logic App is created.
- Automation: The Automation that triggers the empty Logic App upon receiving a specific Azure Security Center recommendation. This example uses the recommendation (assessment) with the GUID "4fb67663-9ab9-475d-b026-8c544cced439", which is "Install endpoint protection solution on Linux virtual machines".
We found this GUID by using the Azure Security Center assessment metadata API, which is documented at: https://docs.microsoft.com/rest/api/securitycenter/assessmentsmetadata
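To point the Automation at a different recommendation, the same lookup can be scripted. The following is an added example, not code from this template: it resolves a recommendation's display name to its GUID in a saved assessment metadata response and builds the matching `sources` filter for a Microsoft.Security/automations resource. The sample response is constructed, the function names are hypothetical, and matching the assessment `name` with the `Contains` operator is an assumption about how the filter is written.

```python
import json
import uuid

# Constructed sample shaped like an assessment metadata list response,
# trimmed to the fields used here. The second entry is a made-up placeholder.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"name": "4fb67663-9ab9-475d-b026-8c544cced439",
   "type": "Microsoft.Security/assessmentMetadata",
   "properties": {"displayName": "Install endpoint protection solution on Linux virtual machines"}},
  {"name": "00000000-0000-0000-0000-000000000001",
   "type": "Microsoft.Security/assessmentMetadata",
   "properties": {"displayName": "Constructed placeholder recommendation"}}
]}
""")


def find_assessment_key(metadata, display_name):
    """Return the GUID of the single recommendation whose display name matches."""
    wanted = display_name.strip().casefold()
    keys = [item["name"] for item in metadata.get("value", [])
            if item.get("properties", {}).get("displayName", "").strip().casefold() == wanted]
    # Zero or several matches would make the Automation fire on the wrong
    # recommendation (or never), so fail instead of guessing.
    if len(keys) != 1:
        raise LookupError(f"expected exactly one match, found {len(keys)}")
    # Reject anything that is not a well-formed GUID before it reaches a template.
    return str(uuid.UUID(keys[0]))


def build_assessment_source(assessment_key):
    """Build the 'sources' entry that filters assessments by their key (assumed rule shape)."""
    return {
        "eventSource": "Assessments",
        "ruleSets": [{"rules": [{
            "propertyJPath": "name",
            "propertyType": "String",
            "expectedValue": assessment_key,
            "operator": "Contains",
        }]}],
    }


if __name__ == "__main__":
    key = find_assessment_key(
        SAMPLE_RESPONSE, "Install endpoint protection solution on Linux virtual machines")
    print(json.dumps(build_assessment_source(key), indent=2))
```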
Prerequisites
Users need to be registered with both the Microsoft.Logic and Microsoft.Security resource providers to run this template.
Deployment steps
You can click the "deploy to Azure" button at the beginning of this document or follow the instructions for command line deployment using the scripts in the root of this repo.
Tags: Security, Security Center, LogicApps, Automations, Microsoft.Security/automations, Microsoft.Logic/workflows, request, object, string