select languageEnglish
toggle dropdown
MarketplaceListingsSolutionSecurity Orchestration Automation and Response

Security Orchestration Automation and Response

Bronze Certified

Solution

0 reviews

24

Security Orchestration Automation and Response

Bronze Certified

Solution

0 reviews

24

OverviewReviewsQuestions
5
Versions

Summary

Workflow Solution built on top of the official UiPath IT Automation activities for automating the resolution of Azure brute force attacks security incidents targeting public facing virtual machines.

carouselImage0

Overview

Azure public-facing Virtual Machines can be secured from brute force attacks with the solution’s ready to use workflows that block attacker IP addresses in the Virtual Machine’s Network Security Groups. The Azure Security Center Alerts types that can be processed automatically are:
  • Suspicious authentication activity
  • Possible incoming SQL brute force attempts detected
  • Web Fingerprint Detected
  • Failed SSH brute force attack
Solution Workflows:

1. AzureCreateNSGsForNIs
  • creates NSGs for the Virtual Machines that don't have at least one associated with one of its Network Interfaces
  • (optional) it can be scheduled to run 1st - the other workflows will have no effect froma security resolution point of view if deny security rules cant be created for the attacked VM
2. GetAzureSecurityCenterAlerts
  • gets the Azure Security Center alerts for the supported Brute Force attack types and adds them to an Orchestrator Queue for processing
3. AzureVMsAttackersBlock_AddSecurityRuleToNSG
  • retrieves the pending Orchestrator queue items
  • the new Security Rules have their priority computed dynamically
  • if the attacker IP is already blocked in an NSG, it will be skipped
4. Block_AttackerIP_in_VM_NSGs
  • the workflow can be executed on-demand from the Orchestrator web or mobile apps
  • the specified IP is blocked in all the Network Security Groups associated with the input Virtual Machine

Benefits


Published: 30 Jun 2020 | Updated: 23 Dec 2020

Trusted Source

License

MIT

Code Language

Visual Basic

Runtime

Windows Legacy (.Net Framework 4.6.1)

Tags

security
azure
cloud
cybersecurity
security orchestration
soar

Compatibility

UiPath Studio 19.10+

Dependencies

UiPath.Azure.Activities (>=1.1.0)

Documentation

UiPath - Security Orchestration (2020.04).pdf
UiPath IT Automation One Pager.pdf

Support

UiPath Community Support

Similar Listings

Supported by Publisher

Microsoft Azure

Custom Activity

Official UiPath activities for Azure cloud resources provisioning, configuration and management: virtual machines, storage, networking, security.

2.2k

Gold Certified

IT Automation for Public, Private & Hybrid Clouds

Solution

Workflows that enable organizations from all industries to accelerate the automation of their IT ecosystem in the areas of Cloud, Server Virtualization, User Management, Security, Networking and more.

307

Bronze Certified

Supported by Publisher

Microsoft Hyper-V

Custom Activity

Official UiPath activities for Microsoft Hyper-V virtual machines provisioning, configuration and management.

588

Gold Certified

Supported by Publisher

VMware ESXi vCenter

Custom Activity

Official UiPath activities for VMware ESXi vCenter resources provisioning, configuration and management: virtual machines, hosts, storage, networking operations.

1.5k

Gold Certified

Help

UiPath ForumContact UsFAQs

How To

Automation Ideas BoardBecome a PublisherPublish a Quality ListingCertify Your Listing
select languageEnglish
toggle dropdown
Terms & Conditions
Privacy Policy
Cookies Policy
linkedinfacebooktwitteryoutubeblogslack