Team Cymru Scout Live Investigation
Additional Documentation
📄 Source: TeamCymruScoutLiveInvestigation/readme.md
Summary
This playbook will fetch and ingest IP or Domain Indicator data based on input parameters given in the live investigation dashboard.
Prerequisites
- Make sure that the TeamCymruScoutCreateIncidentAndNotify playbook is deployed before deploying the TeamCymruScoutLiveInvestigation playbook.
Deployment instructions
- To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
- Fill in the required parameters:
  * PlaybookName: Do not change the playbook name; otherwise the live investigation dashboard will not receive any data.
  * UserName: Enter the username of your Team Cymru Scout account.
  * Password: Enter the password of your Team Cymru Scout account.
  * BaseURL: Enter the Base URL of your Team Cymru Scout account.
  * WorkspaceName: Enter the name of the workspace in which you want to fetch or store your data.
  * CreateIncidentAndNotifyPlaybookName: Enter the name of the playbook deployed as part of the prerequisites.

Post-Deployment instructions
a. Authorize connections
Once deployment is complete, authorize each connection.
1. Go to your logic app → API connections → select the azureloganalyticsdatacollector connection resource.
2. Go to General → Edit API connection.
3. Enter the Workspace ID and Workspace Key of your Log Analytics workspace.
4. Click Authorize.
5. Sign in.
6. Click Save.
7. Repeat these steps for the other connections.