Wrike is a project management software, widely used in various industries like Health Care, Information Technology and even Finance. It is one of the top rated PMS with excellent security handling. To bolster its security even more we have a custom solution to monitor the various activities happening within the Wrike environment using Azure Sentinel. With the variety of contents provided, we can have a bird's eye view as well as a granular control over Wrike security.
Wrike is not just restricted to one sector instead it has users from Siemens, Walmart, Capgemini, Nickelodeon, Sony Pictures and many more. Now along with the capabilities of Azure Sentinel we can provide a much more in-depth security analysis and overview to the SOC team.
One of the beautiful features of Azure Sentinel is its ability to ingest different types of logs using multiple methods and the integration of Sentinel along with Azure Defender gives a cross-domain view within the cloud environment. Our project consists of :
- Data Connector
- Analytic Rules
- Threat Hunting Queries
- Parser
- Playbook
- Workbook
- Open your Wrike Workspace
- Go to
Apps & Integrations
at the top-right of your workspace - Then go to
API
at the top-left of your screen. - Enter an API name and then click on
Create
. - Open your App and the scroll down to Create Token.
- Enter your Wrike workspace password.
- Then click on
Copy Token
to copy the Permanent Access Token for further use.
- Create your Azure Sentinel Workspace and then obtain the WORKSPACEID and PRIMARY/SECONDARY KEY.
- Clone the git repository in your local computer.
git clone https://github.com/ParanjoyG/Secure_WRIKE_using_AZURE_SENTINEL.git
- Go to the follwing path
.../Secure_Wrike_using_AZURE_SENTINEL/DataConnector_Manual/
- Install the required dependencies
pip install -r requirements.txt
- Run the program
complete.py
- Provide the required inputs - WorksspaceID, Primary Key, Wrike Access Token
- Your data will be logged in a custom log table with the name
AuditLog_CL
- Parser : Used to normalise the ingested data. Save this KQL query in the log analytics worksapce as a function as
WrikeAudit
- Analytic Rules : Use these to create alerts and incidents for various threat tactics which you can investigate further.
- Threat Hunting : Queries to proactively hunt for threat in your Wrike environment.
- Workbook : Visualise trends in your data.
- Playbook : Performing SOAR against various threats.