RFI-add-EntraID-security-group-user

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This playbook adds a compromised user to an EntraID security group. Triage and remediation should be handled in follow up playbooks or actions.

Attribute	Value
Type	Playbook
Solution	Recorded Future Identity
Source	View on GitHub

Logic App Connectors

This playbook uses 1 Logic App connector / built-in action:

Connector / Action	Type	Connections	Actions
azuread	Managed	1	2

Action parameters (URLs, paths, function IDs)

azuread (Managed)

Action	Method	Endpoint	Other
Add_risky_user_to_Active_Directory_security_group_for_users_at_risk	post	/v1.0/groups/@{encodeURIComponent(triggerBody()?['active_directory_security_group_id'])}/members/$ref	—
Get_User_-_Check_if_the_user_exists_in_Active_Directory	get	/v1.0/users/@{encodeURIComponent(variables('user_principal_name'))}	—

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks · Back to Recorded Future Identity