Cloud Credentials Rotation - Azure

Supported Cortex XSOAR versions: 6.9.0 and later.

Azure Credentials Rotation Playbook#

Protect your identity and access management:

Reset Password: Resets the user password to halt any unauthorized access.
Revoke Session: Terminates current active sessions to ensure the malicious actor is locked out.
Combo Action: Resets the password and terminates all active sessions.

Guard your applications:

Password Regeneration: Generate a new password for the service principal, making sure the old one becomes obsolete.

This playbook uses the following sub-playbooks, integrations, and scripts.

This playbook does not use any sub-playbooks.

This playbook does not use any integrations.

Name	Description	Required
IAMRemediationType	The response playbook provides the following remediation actions using MSGraph Users: Reset: By entering "Reset" in the input, the playbook will execute password reset. Revoke: By entering "Revoke" in the input, the playbook will revoke the user's session. ALL: By entering "ALL" in the input, the playbook will execute the reset password and revoke session tasks.	Optional
appID	This is the unique application (client) ID of the application.	Optional
objectID	This is the unique ID of the service principal object associated with the application.	Optional
userID	The user ID or user principal name.	Optional
identityType	The type of identity involved. Usually mapped to incident field named 'cloudidentitytype'. e.g. IAM,APPLICATION	Optional

Path	Description	Type
MSGraphUser	The Microsoft Graph Users information.	unknown
MSGraphApplication	The Microsoft Graph Application information.	unknown

Cloud Credentials Rotation - Azure