RFI-Playbook-Alert-Importer
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Content Index
This playbook fetches identity compromises from Recorded Future, places users in a security group and confirms them as 'risky users' in Entra ID.
Logic App Connectors
This playbook uses 3 Logic App connectors / built-in actions:
Action parameters (URLs, paths, function IDs)
| Action |
Method |
Endpoint |
Other |
| Add_risky_user_to_Active_Directory_security_group_for_users_at_risk |
post |
/v1.0/groups/@{encodeURIComponent(parameters('entra_id_security_group_id'))}/members/$ref |
— |
| Get_User_-_Check_if_the_user_exists_in_Active_Directory |
get |
/v1.0/users/@{encodeURIComponent(outputs('Compute_user_principal_name'))} |
— |
| Action |
Method |
Endpoint |
Other |
| Confirm_a_risky_user_as_compromised |
post |
/beta/riskyUsers/confirmCompromised |
— |
| Action |
Method |
Endpoint |
Other |
| Playbook_Alerts_-_Update_Playbook_Alert |
put |
/playbook-alerts/update |
— |
| Playbook_Alerts_-Update_Playbook_Alert-_If_user_not_found |
put |
/playbook-alerts/update |
— |
| Playbook_Alerts_-_Search_for_novel_identity_exposures |
post |
/playbook-alerts/search |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Playbooks · Back to Recorded Future Identity