Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook will take the triggering FileHash entity and generate an alert and block threat indicator for the file hash in MDE for 90 days. It will also add a comment to the incident with the file hash and action taken.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | MicrosoftDefenderForEndpoint |
| Source | View on GitHub |
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 2 |
http |
Built-in | 0 | 2 |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Add_comment_to_incident_(V3)-1 | post | /Incidents/Comment |
— |
| Add_comment_to_incident_(V3)-2 | post | /Incidents/Comment |
— |
http (Built-in)| Action | Method | Endpoint | Other |
|---|---|---|---|
| HTTP_Alert_and_Block_Sha1 | POST | https://api.securitycenter.windows.com/api/indicators |
— |
| HTTP_Alert_and_Block_Sha256 | POST | https://api.securitycenter.windows.com/api/indicators |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊