HYASInsight Enrich Incident By OS Indicator Information
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook enriches file hashes asscociated with an incident with by os indicator information.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | HYAS |
| Source | View on GitHub |
Logic App Connectors
This playbook uses 3 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 3 |
hyasinsight |
Managed | 1 | 0 |
hyasinsight_1 |
Managed | 0 | 1 |
Action parameters (URLs, paths, function IDs)
azuresentinel (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Entities_-_Get_FileHashes | post | /entities/filehash |
— |
| Add_comment_to_incident_(V3) | post | /Incidents/Comment |
— |
| Add_comment_to_incident_(V3)_4 | post | /Incidents/Comment |
— |
hyasinsight_1 (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Get_Open_Source_Indicators_Information_SHA1 | get | /os_indicators |
— |
Additional Documentation
📄 Source: HYAS-Insight-File-Hash-OS-Indicator-Data/readme.md
HYASInsight-FileHash-OS-Indicator
author: Paul van Gool, HYAS Infosec
This playbook uses the HYAS Insight connector to automatically enrich incidents generated by Sentinel with OS-Indicator information. You need a valid subscription in order to use the connector and playbook. Learn more about the integration via the connector documentation or visit HYAS Insight to request a trial key.
Links to deploy the HYASInsight-FileHash-OS-Indicator template:
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊