Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
These playbooks use the Joshua Cyberiskvision threat intelligence to automatically enrich incidents generated by Microsoft Sentinel. From the analyst perspective, it is important that the alert contains essential information and therefore the ability to include custom details in the alert will improve the efficiency of investigation. Through this integration, the analyst can enrich incidents with further information. Enriched data will be added in Microsoft Sentinel incident comments.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Joshua-Cyberiskvision |
| Source | View on GitHub |
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 3 |
http |
Built-in | 0 | 1 |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Alert_-_Get_incident | get | /Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])} |
— |
| Entities_-_Get_FileHashes | post | /entities/url |
— |
| Add_comment_to_incident_(V3) | post | /Incidents/Comment |
— |
http (Built-in)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Joshua_Alert_Enrichment | GET | [parameters('Joshua_Alert_Enrichment-URI')] |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊