Forum Discussion
AshleyMartin
Microsoft
Jun 01, 2022
New Blog Post | How to Query HaveIBeenPwned Using a Microsoft Sentinel Playbook
I’ve known Troy Hunt for a number of years and his contributions to the security and privacy industry have been hugely valuable and much appreciated by the masses.
HaveIBeenPwned is a great resource developed and maintained by Troy. It provides the ability to query against its database to expose domains or user accounts that have been caught up in any of the number of reported industry data breaches. Wouldn’t it be nice, then, to have this data available for your Microsoft Sentinel investigations?
Fortunately, Troy provides an API for his service.
I’ve provided a Microsoft Sentinel Playbook that takes email addresses associated with an Incident and submits them through the API and returns a quick note to the Comments tab in the Incident as to whether or not the email address(es) has been compromised.
Original Post: New Blog Post | How to Query HaveIBeenPwned Using a Microsoft Sentinel Playbook - Microsoft Tech Community
- CMcCloud (Copper Contributor): There was a small issue with deploying the GitHub template for this. I commented on https://github.com/rod-trent/SentinelPlaybooks/issues/5 with the source of the error, as it should then be a simple fix for anyone to find and change the code in the template before deploying.