AD4IoT-NewAssetServiceNowTicket

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

Normally, the authorized entity to program a PLC is the Engineering Workstation, to program a PLC attackers might create a new Engineering Workstation to create malicious programing. The following playbook will open a ticket in ServiceNow each time a new Engineering Workstation is detected. This playbook parses explicitly the IoT device entity fields. For more information, see [AD4IoT-NewAssetServiceNowTicket](https://github.com/Azure/Azure-Sentinel/blob/master/Playbooks/AD4IoT-NewAssetServiceNo

Attribute	Value
Type	Playbook
Solution	IoTOTThreatMonitoringwithDefenderforIoT
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	0
`service-now`	Managed	1	1

Action parameters (URLs, paths, function IDs)

`service-now` (Managed)

Action	Method	Endpoint	Other
Create_Record	post	`/api/now/v2/table/@{encodeURIComponent('incident')}`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks · Back to IoTOTThreatMonitoringwithDefenderforIoT

AD4IoT-NewAssetServiceNowTicket

Logic App Connectors

service-now (Managed)

`service-now` (Managed)