Infoblox-IPAM-Lookup

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

The playbook will retrieve IP entities from an incident, call an API to obtain IPAM lookup data, and add this data, along with IP space and subnet information, as a comment on the incident.

Attribute	Value
Type	Playbook
Solution	Infoblox
Source	View on GitHub

Additional Documentation

📄 Source: Infoblox IPAM Lookup/readme.md

Infoblox IPAM Lookup

• Summary
• Prerequisites
• Deployment instructions
• Post-Deployment instructions

Summary

The playbook will retrieve IP entities from an incident, call an API to obtain IPAM lookup data, and add this data, along with IP space and subnet information, as a comment on the incident.

Prerequisites

1. User must have a valid Infoblox API Key.

Deployment instructions

1. To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
2. Fill in the required parameters:
   • Playbook Name: Enter the playbook name here
   • Infoblox API Key: Enter valid value for API Key
   • Infoblox Base Url: Enter baseurl for your Infoblox instance.(e.g. https://csp.infoblox.com)

Post-Deployment instructions

a. Assign Role to add comment in incident

Assign role to this playbook.

1. Go to Log Analytics Workspace → → Access Control → Add
2. Add role assignment
3. Assignment type: Job function roles -> Add 'Microsoft Sentinel Contributor' as a Role
4. Members: select managed identity for assigned access to and add your logic app as member
5. Click on review+assign

b. Configurations in Microsoft Sentinel

1. In Microsoft sentinel, analytical rules should be configured to trigger an incident which has Entities Mapping available for IP
2. To manually run the playbook on a particular incident follow the below steps: a. Go to Microsoft Sentinel -> -> Incidents b. Select an incident c. In the right pane, click on Actions, and from the dropdown select the 'Run Playbook' option d. Click on the Run button beside this playbook

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Playbooks · Back to Infoblox