Pure Storage FlashBlade File System Snapshot

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook gets triggered when a Microsoft Sentinel Incident created for suspicious activity and it takes files system snapshot of specific file systems listed in key vault

Attribute	Value
Type	Playbook
Solution	Pure Storage
Source	View on GitHub

Logic App Connectors

This playbook uses 3 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	2
`keyvault`	Managed	1	2
`http`	Built-in	0	4

Action parameters (URLs, paths, function IDs)

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Entities_-_Get_Accounts	post	`/entities/account`	—
Entities_-_Get_IPs	post	`/entities/ip`	—

`keyvault` (Managed)

Action	Method	Endpoint	Other
Get_secret	get	`/secrets/@{encodeURIComponent(replace(items('IP_Loop')?['Address'], '.', '-'))}/value`	—
Get_FileSystem_list	get	`/secrets/@{encodeURIComponent(concat(replace(items('IP_Loop')?['Address'], '.', '-'),'-filesystem'))}/value`	—

`http` (Built-in)

Action	Method	Endpoint	Other
Fetching_API_version	GET	`https://@{item()?['Address']}/api/api_version`	—
Retrieving_auth_token	POST	`https://@{item()?['Address']}/api/login`	—
FileSystem_snapshot	POST	`https://@{item()?['Address']}/api/@{last(body('Fetching_API_version')?['versions'])}/file-system-snapshots`	—
Logout_of_the_FlashBlade	POST	`https://@{item()?['Address']}/api/logout`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks · Back to Pure Storage

Pure Storage FlashBlade File System Snapshot

Logic App Connectors

azuresentinel (Managed)

keyvault (Managed)

http (Built-in)

`azuresentinel` (Managed)

`keyvault` (Managed)

`http` (Built-in)