Infoblox SOC Get Insight Details


Uses the Infoblox SOC Insights API to enrich a Microsoft Sentinel incident triggered by an Infoblox SOC Insight and to ingest Insight details into custom InfobloxInsight tables. The tables are used to build the Infoblox SOC Insights Workbook. This playbook can be configured to run automatically when an incident occurs (recommended) or to run on demand.

Attribute Value
Type Playbook
Solution Infoblox SOC Insights
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
InfobloxInsightAssets_CL 🔶 ? ?
InfobloxInsightComments_CL 🔶 ? ?
InfobloxInsightEvents_CL 🔶 ? ?
InfobloxInsightIndicators_CL 🔶 ? ?
InfobloxInsight_CL 🔶

Logic App Connectors

This playbook uses 3 Logic App connectors / built-in actions:

Connector / Action Type Connections Actions
azureloganalyticsdatacollector Managed 1 5
azuresentinel Managed 1 2
http Built-in 0 6
Action parameters (URLs, paths, function IDs)

azureloganalyticsdatacollector (Managed)

Action Method Endpoint Other
Send_Summary_(Insight)_Data post /api/logs
Send_Asset_Data post /api/logs
Send_Comment_Data post /api/logs
Send_Event_Data post /api/logs
Send_Indicator_Data post /api/logs

azuresentinel (Managed)

Action Method Endpoint Other
Add_InfobloxInsightID_Tag put /Incidents
Update_Incident_Tags put /Incidents

http (Built-in)

Action Method Endpoint Other
Test_Connection_to_Infoblox_CSP GET https://csp.infoblox.com/api/v1/insights/@{items('For_each')?['properties']?['objectGuid']}
Get_Summary_Data GET https://csp.infoblox.com/api/v1/insights/@{items('For_each_Insight_ID')?['properties']?['objectGuid']}
Get_Asset_Data GET https://csp.infoblox.com/api/v1/insights/@{items('For_each_Insight_ID')?['properties']?['objectGuid']}/assets
Get_Comment_Data GET https://csp.infoblox.com/api/v1/insights/@{items('For_each_Insight_ID')?['properties']?['objectGuid']}/comments
Get_Event_Data GET https://csp.infoblox.com/api/v1/insights/@{items('For_each_Insight_ID')?['properties']?['objectGuid']}/events
Get_Indicator_Data GET https://csp.infoblox.com/api/v1/insights/@{items('For_each_Insight_ID')?['properties']?['objectGuid']}/indicators
