DNSDB_Co_Located_IP_Address
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
author: Henry Stern, Farsight Security, Inc.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Farsight DNSDB |
| Source | View on GitHub |
⚠️ Not listed in Solution JSON: This content item was discovered by scanning the solution folder but is not included in the official Solution JSON file. It may be a legacy item, under development, or excluded from the official solution package.
Logic App Connectors
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 2 |
farsightdnsdb |
Managed | 1 | 3 |
Action parameters (URLs, paths, function IDs)
azuresentinel (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Entities_-_Get_IPs | post | /entities/ip |
— |
| Add_comment_to_incident_(V3) | post | /Incidents/Comment |
— |
farsightdnsdb (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| RRSet_Lookup_with_RRType_A | get | /lookup/rrset/name/@{encodeURIComponent(items('For_each_RRName_'))}/@{encodeURIComponent('A')} |
— |
| RRSet_Lookup_with_RRType_AAAA | get | /lookup/rrset/name/@{encodeURIComponent(items('For_each_RRName_'))}/@{encodeURIComponent('AAAA')} |
— |
| RData_Lookup_with_RRType | get | /lookup/rdata/@{encodeURIComponent('ip')}/@{encodeURIComponent(items('For_each')?['Address'])}/ANY |
— |
Additional Documentation
📄 Source: DNSDB_Co_Located_IP_Address/readme.md
author: Henry Stern, Farsight Security, Inc.
This playbook uses the Farsight DNSDB connector to automatically enrich IP Addresses found in the Sentinel incidents. This lookup will identify all the IPs that are co-located (based on Domain) based on the on the input of a IP Address. This would be set of IPs that also shared the same Domain as the originating IP address. Learn more about the integration via the https://docs.microsoft.com/connectors/farsightdnsdb/ or visit https://www.farsightsecurity.com/about-farsight-security/contacts/ to request a trial key.
Screenshots
Links to deploy the DNSDB_Co_Located_IP_Address playbook template:
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊