Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Imports each Indicator of a Microsoft Sentinel Incident triggered by an Infoblox SOC Insight into the ThreatIntelligenceIndicator table. You must run the Infoblox-SOC-Get-Insight-Details playbook on a SOC Insight Incident before running this playbook.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Infoblox SOC Insights |
| Source | View on GitHub |
This playbook uses 3 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuremonitorlogs |
Managed | 1 | 2 |
azuresentinel |
Managed | 1 | 0 |
http |
Built-in | 0 | 2 |
azuremonitorlogs (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Get_Domains | post | /queryDataV2 |
— |
| Get_IPs | post | /queryDataV2 |
— |
http (Built-in)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Send_IPs_to_Sentinel | POST | https://graph.microsoft.com/beta/security/tiIndicators |
— |
| Send_Domains_to_Sentinel | POST | https://graph.microsoft.com/beta/security/tiIndicators |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊