BlockIP-Azure Firewall New Rule - Entity trigger

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook uses the Azure Firewall connector to add IP Address to the Deny Network Rules collection based on the Microsoft Sentinel Incident

Attribute	Value
Type	Playbook
Solution	Azure Firewall
Source	View on GitHub

Logic App Connectors

This playbook uses 4 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	3
`teams`	Managed	1	2
`virustotal`	Managed	1	1
`AzureFirewallConnector`	Custom	1	3

Action parameters (URLs, paths, function IDs)

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Add_comment_to_incident_with_the_endpoint_info_and_action_taken	post	`/Incidents/Comment`	—
Update_incident	put	`/Incidents`	—
Add_comment_to_incident_(V3)	post	`/Incidents/Comment`	—

`teams` (Managed)

Action	Method	Endpoint	Other
Post_action_taken_in_channel	post	`/beta/teams/conversation/message/poster/@{encodeURIComponent('User')}/location/@{encodeURIComponent('Channel')}`	—
Post_message_in_a_chat_or_channel	post	`/beta/teams/conversation/message/poster/@{encodeURIComponent('User')}/location/@{encodeURIComponent('Channel')}`	—

`virustotal` (Managed)

Action	Method	Endpoint	Other
Get_an_IP_report	get	`/api/v3/ip_addresses/connectorV2/@{encodeURIComponent(triggerBody()?['Entity']?['properties']?['Address'])}`	—

`AzureFirewallConnector` (Custom)

Action	Method	Endpoint	Other
Creates_or_updates_the_specified_Azure_Firewall	put	`/subscriptions/@{encodeURIComponent(parameters('SubscriptionID'))}/resourceGroups/@{encodeURIComponent(outputs('Resource_Group_name'))}/providers/Microsoft.Network/azureFirewalls/@{encodeURIComponent(outputs('Firewall_name'))}`	—
Gets_the_specified_Azure_Firewall	get	`/subscriptions/@{encodeURIComponent(parameters('SubscriptionID'))}/resourceGroups/@{encodeURIComponent(outputs('Resource_Group_name'))}/providers/Microsoft.Network/azureFirewalls/@{encodeURIComponent(outputs('Firewall_name'))}`	—
Gets_all_the_Azure_Firewalls_in_a_subscription	get	`/subscriptions/@{encodeURIComponent(parameters('SubscriptionID'))}/providers/Microsoft.Network/azureFirewalls`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks · Back to Azure Firewall