PlaybookName



This playbook will create a snapshot from an Azure VM.

| Attribute | Value |
| --- | --- |
| Type | Playbook |
| Solution | GitHub Only |
| Source | View on GitHub |

Logic App Connectors

This playbook uses 4 Logic App connectors / built-in actions:

| Connector / Action | Type | Connections | Actions |
| --- | --- | --- | --- |
| azuremonitorlogs | Managed | 1 | 1 |
| azuresentinel | Managed | 1 | 2 |
| azuresentinel_1 | Managed | 0 | 1 |
| http | Built-in | 0 | 2 |

Action parameters (URLs, paths, function IDs)

azuremonitorlogs (Managed)

| Action | Method | Endpoint | Other |
| --- | --- | --- | --- |
| Get_Full_Alert_Details | post | `/queryData` | |

azuresentinel (Managed)

| Action | Method | Endpoint | Other |
| --- | --- | --- | --- |
| Alert_-_Get_incident | get | `/Cases/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}` | |
| Add_comment_to_incident_(V2)_2 | put | `/Comment/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/@{encodeURIComponent('Alert')}/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}` | |

azuresentinel_1 (Managed)

| Action | Method | Endpoint | Other |
| --- | --- | --- | --- |
| Entities_-_Get_Hosts | post | `/entities/host` | |

http (Built-in)

| Action | Method | Endpoint | Other |
| --- | --- | --- | --- |
| Create_Snapshot | PUT | `https://management.azure.com/subscriptions/@{split(body('Parse_VMData')?['id'],'/')[2]}/resourceGroups/@{split(body('Parse_VMData')?['id'],'/')[4]}/providers/Microsoft.Compute/snapshots/@{body('Parse_VMData')?['properties']?['osProfile']?['computerName']}@{body('Alert_-_Get_incident')?['properties']?['CaseNumber']}?api-version=2019-07-01` | |
| Get-AzureVM | GET | `https://management.azure.com@{items('For_each')['ResourceId']}?api-version=2019-07-01` | |
