Infoblox-TIDE-Lookup-Via-Incident
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
The playbook takes entity type and value from incident available in Workbook and ingests TIDE Lookup data for that entity into Log table.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Infoblox |
| Source | View on GitHub |
Logic App Connectors
This playbook uses 3 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 0 |
azuresentinel_1 |
Managed | 0 | 4 |
workflow |
Built-in | 0 | 4 |
Action parameters (URLs, paths, function IDs)
azuresentinel_1 (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Get_FileHashes_From_Entities | post | /entities/filehash |
— |
| Get_Hosts_From_Entities | post | /entities/host |
— |
| Get_IPs_From_Entities | post | /entities/ip |
— |
| Get_URLs_From_Entities | post | /entities/url |
— |
workflow (Built-in)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Infoblox_TIDE_Lookup_For_Hash | — | — | workflowId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/',resourceGroup().name,'/providers/Microsoft.Logic/workflows/','Infoblox-TIDE-Lookup')]triggerName= manual |
| Infoblox_TIDE_Lookup_For_Host | — | — | workflowId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/',resourceGroup().name,'/providers/Microsoft.Logic/workflows/','Infoblox-TIDE-Lookup')]triggerName= manual |
| Infoblox_TIDE_Lookup_For_IP | — | — | workflowId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/',resourceGroup().name,'/providers/Microsoft.Logic/workflows/','Infoblox-TIDE-Lookup')]triggerName= manual |
| Infoblox_TIDE_Lookup_For_URL | — | — | workflowId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/',resourceGroup().name,'/providers/Microsoft.Logic/workflows/','Infoblox-TIDE-Lookup')]triggerName= manual |
Additional Documentation
Infoblox TIDE Lookup Via Incident
Summary
The playbook takes entity type and value from incident available in Workbook and ingests TIDE Lookup data for that entity into Log table.
Prerequisites
- Make sure that Infoblox-TIDE-Lookup playbook is deployed before deploying Infoblox-TIDE-Lookup-Via-Incident playbook.
Deployment instructions
- To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
- Fill in the required parameters:
- Playbook Name: Enter the playbook name here
Post-Deployment instructions
- In Microsoft sentinel, analytical rules should be configured to trigger an incident which has Entities Mapping.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊