Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook reacts to a Microsoft Sentinel incident, computes the 3-slot fan-out over the incident's IP entities, writes slot-claim rows to the GuardicoreConnectionSlots Azure Table, and posts one slot-manifest record per slot to the GuardicoreProcessedIncidents_CL custom log via the Logs Ingestion API. The actual Guardicore /api/v3.0/connections fetch is performed asynchronously by the companion Guardicore-EnrichmentRunner Logic App. (Function-App-free architecture.)
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Akamai Guardicore |
| Source | View on GitHub |
This playbook uses 3 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 0 |
azuretables |
Managed | 1 | 1 |
http |
Built-in | 0 | 1 |
azuretables (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Try_insert_slot | post | /Tables/@{encodeURIComponent('GuardicoreConnectionSlots')}/entities |
— |
http (Built-in)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Post_manifest | POST | @{concat(parameters('DataCollectionEndpoint'), '/dataCollectionRules/', parameters('DataCollectionRuleImmutableId'), '/streams/Custom-GuardicoreProcessedIncidents_CL?api-version=2023-01-01')} |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊