Recently i am searching a tool how can we export playbook and do some backup and suddenly i found out a useful tool in GitHub, this tool is awesome, and it easily help us how we can export Microsoft Sentinel Playbooks/Azure LogicApps with arm template generator, this tool was developed by Sreedhar Ande a cloud security and currently working at Microsoft as Product Manager, Security at Microsoft.
This tool will export Microsoft Sentinel Playbooks (Azure LogicApps) in the quickest amount of time by sanitizing the JSON contains organizational information such as tenant ID, subscription information, connection strings, and other items that makes sharing a Playbook(Azure LogicApps) a daunting technical challenge.
This PowerShell utility first evaluates your Azure logic app and any API connections that the logic app uses then generates template resources with the necessary parameters for deployment.
You can use this ARM template for your own business scenarios or customize the template to meet your requirements.
You can share it safely knowing that your organization’s information is stripped from the JSON and that it will work correctly in the recipient environment.
Deployment
- Download Azure Logic App/Playbook ARM Template Generator tool from Azure Sentinel GitHub repository
- Extract the folder and open “Playbook_ARM_Template_Generator.ps1” in Visual Studio Code/PowerShell.
Note: The script runs from the user’s machine. You must allow PowerShell script execution. To do so, run the following command:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
- Script prompts you to enter your Azure Tenant Id
- You are prompted to authenticate with credentials, once the user is authenticated, you will be prompted to choose
- Subscription
- Playbooks
- After selecting playbooks, script prompts to select location on your local drive to save ARM Template
Note: Tool converts microsof tsentinel connections to MSI during export
You can deploy your ARM template in different ways, for more information please click here.
For more info check the microsoft tech community and Github Page:
Export Microsoft Sentinel Playbooks or Azure Logic Apps with Ease – Microsoft Tech Community
Azure-Sentinel/Tools/Playbook-ARM-Template-Generator at master · Azure/Azure-Sentinel (github.com)