Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Content Index

Intent: As an IT admin, I want to be know which users have publicly posted compromised passwords and I want to ensure these passwords and variations of those passwords are not used in my environment.

Attribute Value
Type Playbook
Solution GitHub Only
Source View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action Type Connections Actions
azuresentinel Managed 1 4
http Built-in 0 6
Action parameters (URLs, paths, function IDs)

azuresentinel (Managed)

Action Method Endpoint Other
Alert_-_Get_incident get /Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}
Entities_-_Get_Accounts post /entities/account
Add_comment_to_incident_(V3)_2 post /Incidents/Comment
Add_comment_to_incident_(V3) post /Incidents/Comment

http (Built-in)

Action Method Endpoint Other
Get_Passwords GET https://api.dehashed.com/search?query=@{body('Parse_AAD_User_Info')?['mail']}
Graph_-_Get_AAD_User_Info GET https://graph.microsoft.com/v1.0/users/@{items('For_Each_Account')?['AadUserId']}
Update_Password_Settings PATCH https://graph.microsoft.com/beta/settings//5bfc75a9-c4cb-42d5-9abc-56d458ab560d
Get_Client_Secret_from_Vault_-_Dehashed GET @parameters('KeyVaultClientCredentialsURL-DeHashed-Password')
Get_Client_Secret_from_Vault_-_Graph_API GET @parameters('KeyVaultClientCredentialsURL-GraphAPI')
Get_Password_Settings GET https://graph.microsoft.com/beta/settings/5bfc75a9-c4cb-42d5-9abc-56d458ab560d

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Playbooks