Illumio Workload Quarantine Playbook
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook leverages Illumio workloads API to quarantine a workload based on user inputs. 
.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | IllumioSaaS |
| Source | View on GitHub |
Logic App Connectors
This playbook uses 3 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 0 |
office365 |
Managed | 1 | 0 |
function |
Built-in | 0 | 1 |
Action parameters (URLs, paths, function IDs)
function (Built-in)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| QuarantineWorkloadFuncApp-quarantineWorkloadHTTPTrigger | — | — | functionId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/sites/',parameters('Functionappname'), '/functions/quarantineWorkloadHTTPTrigger')] |
Additional Documentation
📄 Source: Illumio-Quarantine-Workload/readme.md
Microsoft Sentinel Playbooks for Illumio Integration
Playbooks are collections of procedures that can be run from Microsoft Sentinel.
Quarantine Workload Playbook
- The logic app can be invoked as a http request.
- The payload should contain workload hostname/s and label/s.
- Function app is called with the above payload which makes a call to the PCE and applies labels to the workloads mentioned in payload.
To deploy, follow the below steps
Deploy the function app first
Deploy the logic app next:
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊