Infoblox Incident Enrichment Domains



Leverages the Infoblox TIDE API to enrich Microsoft Sentinel incidents with detailed TIDE data. This playbook can be configured to run automatically when an incident occurs (recommended) or run on demand.

| Attribute | Value |
| --- | --- |
| Type | Playbook |
| Solution | Infoblox Cloud Data Connector |
| Source | View on GitHub |

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

| Connector / Action | Type | Connections | Actions |
| --- | --- | --- | --- |
| azuresentinel | Managed | 1 | 3 |
| http | Built-in | 0 | 1 |

Action parameters (URLs, paths, function IDs)

azuresentinel (Managed)

| Action | Method | Endpoint | Other |
| --- | --- | --- | --- |
| Entities_-_Get_DNS | post | /entities/dnsresolution | |
| Add_comment_to_incident | post | /Incidents/Comment | |
| Update_incident_Tags | put | /Incidents | |

http (Built-in)

| Action | Method | Endpoint | Other |
| --- | --- | --- | --- |
| HTTP_-Get_TIDE_Data(Hosts) | GET | https://csp.infoblox.com/tide/api/data/threats | |
