Fortinet_ResponseOnURL
This playbook allows SOC users to automatically respond to Azure Sentinel incidents that include URLs by adding the URLs to the Sentinel URL blocked group. Learn more about Threat Intelligence in Fortinet policy
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | GitHub Only |
| Source | View on GitHub |
Logic App Connectors
This playbook uses 4 Logic App connectors / built-in actions:
Action parameters (URLs, paths, function IDs)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Add_comment_to_incident_(V3)_3 | post | /Incidents/Comment | — |
| Update_incident | put | /Incidents | — |
| Add_comment_to_incident_(V3) | post | /Incidents/Comment | — |
| Entities_-_Get_URLs | post | /entities/url | — |

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Create_an_address_object | post | /api/v2/cmdb/firewall/address | — |
| Update_pre-defined_address_group | put | /api/v2/cmdb/firewall/addrgrp/@{encodeURIComponent(variables('Pre-definedGroupName'))} | — |

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Address_group_details | — | — | functionId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/sites/',variables('functionappname'),'/functions/Fortinet-GetEntityDetails')] |
| Check_address_object_is_already_exist_in_firewall | GET | — | functionId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/sites/',variables('functionappname'),'/functions/Fortinet-GetEntityDetails')] |