Tactical

Honey, I Shrunk the Threats: Automating IOC Workflows

A long-term goal for Kontoor’s Cyber Defense team has been to automate the rote, mundane tasks performed manually, giving us more time for the meat of incident response and threat hunting. We are proud to share our most recent automation success to date with the RH-ISAC Community.

This presentation will show the journey from concept to initial tests to completion of the Kontoor Brands Honey Credential automation workflow, leveraging Azure components such as Entra, Logic Apps, and Conditional Access. With this automation, the team automatically gets an incident if a login occurs from an IP that was used to access our honey credential account. Even if there are no additional logins, the threat actor’s IP is automatically added to our MISP for future alerting.

Learn about the challenges encountered and overcome, such as data gateways, identity for Logic Apps, and the nuances of the MISP API. Attendees will also take away how to apply this automation flow in other environments through iterative development.

April 8, 2025
10:45 am - 11:30 am

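The correlation logic the abstract describes (any IP that touched the honey credential account is hostile; a later sign-in to any other account from that IP becomes an incident; every such IP is pushed to MISP regardless) can be sketched outside Logic Apps. The following Python is an added illustration and is not code from the Kontoor team or the talk. It assumes sign-in records shaped like Entra ID sign-in log entries (userPrincipalName, ipAddress, createdDateTime, status.errorCode), a placeholder honey account name, constructed sample events, and an optional allowlist for the team's own canary test logins; the MISP payloads follow the attribute schema (type, category, value, to_ids) but nothing is sent over the network.

```python
"""Honey-credential sign-in correlation (added example, not the project's code)."""

HONEY_UPN = "honey.user@example.invalid"  # hypothetical placeholder honey account

# Constructed sample records resembling Entra ID sign-in log entries (not real data).
# errorCode 0 = successful sign-in; 50126 = invalid credentials.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-03-01T02:11:09Z", "userPrincipalName": HONEY_UPN,
     "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}},
    {"createdDateTime": "2025-03-01T02:12:40Z", "userPrincipalName": HONEY_UPN,
     "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-03-01T02:30:15Z", "userPrincipalName": "alice@example.invalid",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-03-01T03:00:00Z", "userPrincipalName": "bob@example.invalid",
     "ipAddress": "203.0.113.9", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-03-01T04:45:51Z", "userPrincipalName": HONEY_UPN,
     "ipAddress": "192.0.2.44", "status": {"errorCode": 50126}},
]


def honey_ips(events, honey_upn=HONEY_UPN, allowlist=frozenset()):
    """Every IP that attempted the honey account, whether or not the sign-in succeeded.

    A honey credential has no legitimate user, so a failed attempt is as
    interesting as a successful one. The allowlist (an assumption, not from
    the talk) exists only so the team's own canary checks are not flagged.
    """
    return {
        e["ipAddress"]
        for e in events
        if e["userPrincipalName"].lower() == honey_upn.lower()
        and e["ipAddress"] not in allowlist
    }


def correlated_incidents(events, suspect_ips, honey_upn=HONEY_UPN):
    """Sign-ins to any *other* account from a honey-tainted IP; each one is an incident."""
    hits = [
        e for e in events
        if e["ipAddress"] in suspect_ips
        and e["userPrincipalName"].lower() != honey_upn.lower()
    ]
    return sorted(hits, key=lambda e: e["createdDateTime"])


def misp_attributes(ips, comment):
    """Build MISP attribute payloads: ip-src, Network activity, to_ids so they feed alerting."""
    return [
        {"type": "ip-src", "category": "Network activity", "value": ip,
         "to_ids": True, "comment": comment}
        for ip in sorted(ips)
    ]


def run_workflow(events, honey_upn=HONEY_UPN, allowlist=frozenset()):
    """Full pass: collect honey IPs, raise incidents for other logins, prepare MISP payloads."""
    ips = honey_ips(events, honey_upn, allowlist)
    return {
        "suspect_ips": ips,
        "incidents": correlated_incidents(events, ips, honey_upn),
        "misp_attributes": misp_attributes(ips, "IP observed using honey credential"),
    }


if __name__ == "__main__":
    result = run_workflow(SAMPLE_SIGNINS)
    print("honey IPs:", sorted(result["suspect_ips"]))
    for inc in result["incidents"]:
        print("INCIDENT:", inc["userPrincipalName"], "from", inc["ipAddress"], "at", inc["createdDateTime"])
    for attr in result["misp_attributes"]:
        print("MISP attribute:", attr)
```

On the sample data, 198.51.100.7 yields one incident (alice signing in from the IP that probed the honey account), while 192.0.2.44 produces no incident but is still emitted as a MISP attribute, matching the "even if there are no additional logins" behaviour in the abstract. The attribute dicts are in the shape MISP's REST API accepts for adding an attribute to an event; delivering them is left to whatever client the environment uses.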

Speakers

Jeff Mercer

Sr. Cyber Incident Handler, Kontoor Brands

Nick Dasnoit

Cyber Incident Handler, Kontoor Brands

Cameron Martel

Cyber Incident Handler, Kontoor Brands