Get-AD4IoTDeviceCVEs - Incident

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Content Index

For each IoT device entity included in the alert, this playbook will get CVEs from the Azure Defender for IoT Sensor.

Attribute Value
Type Playbook
Solution IoTOTThreatMonitoringwithDefenderforIoT
Source View on GitHub

⚠️ Not listed in Solution JSON: This content item was discovered by scanning the solution folder but is not included in the official Solution JSON file. It may be a legacy item, under development, or excluded from the official solution package.

Logic App Connectors

This playbook uses 4 Logic App connectors / built-in actions:

Connector / Action Type Connections Actions
azureblob Managed 1 2
azuresentinel Managed 1 2
keyvault Managed 1 1
http Built-in 0 1
Action parameters (URLs, paths, function IDs)

azureblob (Managed)

Action Method Endpoint Other
Create_SAS_URI_by_path_(V2) post [concat('/v2/datasets/@{encodeURIComponent(', variables('singlequote'), variables('AzureStorageName'), variables('singlequote'),')}/CreateSharedLinkByPath')]
Create_blob_(V2) post [concat('/v2/datasets/@{encodeURIComponent(encodeURIComponent(', variables('singlequote'), variables('AzureStorageName'), variables('singlequote'),'))}/files')]

azuresentinel (Managed)

Action Method Endpoint Other
Add_comment_to_incident_(V3) post /Incidents/Comment
Add_comment_to_incident_(V3)_2 post /Incidents/Comment

keyvault (Managed)

Action Method Endpoint Other
Get_secret get [concat('/secrets/@{encodeURIComponent(', variables('singlequote'), variables('KeyName'), variables('singlequote'), ')}/value')]

http (Built-in)

Action Method Endpoint Other
HTTP GET @{variables('Server')}/api/v1/devices/@{items('For_each')?['IpAddress']?['Address']}/cves

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Playbooks · Back to IoTOTThreatMonitoringwithDefenderforIoT