Fortinet_ResponseOnIP
This playbook allows SOC users to automatically respond to Azure Sentinel incidents that include IPs, by adding the IPs to or removing them from the Sentinel IP blocked group. Learn more about Threat Intelligence in Fortinet policy.
| Attribute | Value |
| --- | --- |
| Type | Playbook |
| Solution | GitHub Only |
| Source | View on GitHub |
Logic App Connectors
This playbook uses 4 Logic App connectors / built-in actions:
Action parameters (URLs, paths, function IDs)
| Action | Method | Endpoint | Other |
| --- | --- | --- | --- |
| Add_comment_to_incident_(V3)_3 | post | /Incidents/Comment | — |
| Update_incident | put | /Incidents | — |
| Add_comment_to_incident_(V3) | post | /Incidents/Comment | — |
| Entities_-_Get_IPs | post | /entities/ip | — |

| Action | Method | Endpoint | Other |
| --- | --- | --- | --- |
| Create_an_address_object | post | /api/v2/cmdb/firewall/address | — |
| Update_address_group | put | /api/v2/cmdb/firewall/addrgrp/@{encodeURIComponent(variables('Pre-definedGroupName'))} | — |

| Action | Method | Endpoint | Other |
| --- | --- | --- | --- |
| Address_group_details | GET | — | functionId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/sites/',variables('Functionappname'),'/functions/Fortinet-GetEntityDetails')] |
| Check_address_object_is_already_exist_in_firewall | GET | — | functionId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/sites/',variables('Functionappname'),'/functions/Fortinet-GetEntityDetails')] |