CrowdSecurity-Suspicious-Login-Detection — Solutions Analyzer

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This PlayBook / Logic App automatically create an alert when a successful login is performed from a suspicious or malicious IP.

Attribute	Value
Type	Playbook
Solution	GitHub Only
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	0	5
`http`	Built-in	0	1

Action parameters (URLs, paths, function IDs)

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Entities_-_Get_IPs	post	`/entities/ip`	—
Create_incident	put	`[concat('/Incidents/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/workspaces/', parameters('sentinelWorkspaceName'))]`	—
Add_alert_to_incident	post	`/Incidents/Relation/Create`	—
Add_CTI_link_to_incident_as_comment	post	`/Incidents/Comment`	—
Entities_-_Get_Accounts	post	`/entities/account`	—

`http` (Built-in)

Action	Method	Endpoint	Other
HTTP	GET	`https://cti.api.crowdsec.net/v2/smoke/@{items('For_each_IPs')?['Address']}`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks