Fortinet_IncidentEnrichment

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This playbook enriches the incident with address object and address group.

Attribute	Value
Type	Playbook
Solution	GitHub Only
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
azuresentinel	Managed	1	2
function	Built-in	0	2

Action parameters (URLs, paths, function IDs)

azuresentinel (Managed)

Action	Method	Endpoint	Other
Add_comment_to_incident_(V3)	post	/Incidents/Comment	—
Entities_-_Get_IPs	post	/entities/ip	—

function (Built-in)

Action	Method	Endpoint	Other
Fetch_the_details_of_the_address_object	GET	—	functionId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/sites/',variables('Functionappname'),'/functions/Fortinet-GetEntityDetails')]
Get_address_group_details	GET	—	functionId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/sites/',variables('Functionappname'),'/functions/Fortinet-GetEntityDetails')]

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks