Enrich-Sentinel-IPQualityScore-IP-Address-Reputation

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook uses the IPQS Fraud and Risk Scoring connector to automatically enrich IP Addresses found in the Sentinel incidents. This Playbook Template provides the Reputation such as Critical, High Risk, Moderate Risk, Suspicious, Clean based on Fraud Score. Learn more about the integration via the https://docs.microsoft.com/connectors/ipqsfraudandriskscor/ or visit https://www.ipqualityscore.com/contact-us to request a trial key.

Attribute	Value
Type	Playbook
Solution	IPQualityScore
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	3
`ipqsfraudandriskscor`	Managed	1	1

Action parameters (URLs, paths, function IDs)

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Entities_-_Get_IPs	post	`/entities/ip`	—
Add_comment_to_incident_(V3)_2	post	`/Incidents/Comment`	—
Alert_-_Get_incident_3	get	`/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}`	—

`ipqsfraudandriskscor` (Managed)

Action	Method	Endpoint	Other
Retrieve_IP_address_reputation_data	post	`/ip`	—

Additional Documentation

📄 Source: Enrich-Sentinel-IPQualityScore-IP-Address-Reputation/readme.md

author: David Mackler, IPQualityScore

Learn more about the integration via the https://docs.microsoft.com/connectors/ipqsfraudandriskscor/ or visit https://www.ipqualityscore.com/contact-us to request a trial key.