Summarize Data for Network Session Essentials
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook summarizes data for Network Session Essentials and lands it into custom tables.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Network Session Essentials |
| Source | View on GitHub |
Tables Used
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
NetworkCustomAnalytics_CL |
? | ✓ | ? |
NetworkCustomAnalytics_country_CL |
? | ✓ | ? |
NetworkCustomAnalytics_ip_CL |
? | ✓ | ? |
NetworkCustomAnalytics_protocol_CL 🔶 |
? | ✓ | ? |
NetworkCustomAnalytics_rule_CL |
? | ✓ | ? |
NetworkCustomAnalytics_sourceInfo_CL |
? | ✓ | ? |
NetworkCustomAnalytics_source_port_CL |
? | ✓ | ? |
NetworkCustomAnalytics_threat_CL |
? | ✓ | ? |
NetworkCustomAnalytics_threat_ioc_CL |
? | ✓ | ? |
Logic App Connectors
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azureloganalyticsdatacollector |
Managed | 1 | 9 |
azuremonitorlogs |
Managed | 1 | 9 |
Action parameters (URLs, paths, function IDs)
azureloganalyticsdatacollector (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Send_Data_-_IP | post | /api/logs |
— |
| Send_Data_-_Port | post | /api/logs |
— |
| Send_Data_-_GeoCountry | post | /api/logs |
— |
| Send_Data_-_Overall | post | /api/logs |
— |
| Send_Data_-_Protocol | post | /api/logs |
— |
| Send_Data_-_SourceInfo | post | /api/logs |
— |
| Send_Data_-_Threat | post | /api/logs |
— |
| Send_Data_-_Threat_IOC | post | /api/logs |
— |
| Send_Data_-_Rule | post | /api/logs |
— |
azuremonitorlogs (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Run_query_and_list_results_-_IP | post | /queryData |
— |
| Run_query_and_list_results_-_Port | post | /queryData |
— |
| Run_query_and_list_results_-_GeoCountry | post | /queryData |
— |
| Run_query_and_list_results_-_Overall | post | /queryData |
— |
| Run_query_and_list_results_-_Protocol | post | /queryData |
— |
| Run_query_and_list_results_-_Rules | post | /queryData |
— |
| Run_query_and_list_results_-_SourceInfo | post | /queryData |
— |
| Run_query_and_list_results_-_Threat | post | /queryData |
— |
| Run_query_and_list_results_-_Threat_IOC | post | /queryData |
— |
Additional Documentation
📄 Source: SummarizeData_NSE/readme.md
Network Session Essentials Solution Summarization capability
This logic app helps to summarize Network session data into custom tables. This would incur additional cost.
Summary
To ensure good performance of Network Session Essentials solution, summarization capability can be used. This would create various custom tables containing analytics based on different parameters of ASIM Network Session Schema.
Deployment instructions
Deploy the playbook by clicking on "Deploy to Azure" button. This will take you to deploying an ARM Template wizard.
Fill in the required parameter:
- Playbook Name: Enter the playbook name here (Ex: SummarizeData)
Post-Deployment instructions
a. Authorize connections (Perform this action if needed)
Once deployment is complete, you will need to authorize each connection.
- Click the Azure Monitor Logs
- Click edit API connection
- Click Authorize
- Sign in
- Click Save
- Click the Azure Log Analytics Data Collector
- Click edit API connection
- Add value for workspace id and key which is associated with the Sentinel instance
- Click Save
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊