This playbook searches the Recorded Future Identity Intelligence Module for compromised external (customer) users.

This playbook depends on:

- RFI-add-EntraID-security-group-user
- RFI-confirm-EntraID-risky-user
- RFI-lookup-and-save-user

These playbooks must be installed manually before installing the current playbook.

| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Recorded Future Identity |
| Source | View on GitHub |

This playbook uses 4 Logic App connectors / built-in actions:

| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
| azureloganalyticsdatacollector | Managed | 1 | 1 |
| azuremonitorlogs | Managed | 1 | 1 |
| recordedfutureidenti | Managed | 1 | 1 |
| workflow | Built-in | 0 | 3 |

azureloganalyticsdatacollector (Managed)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Send_Data_-_Save_new_Malware_log_exposures_into_Log_Analytics_Custom_Log | post | /api/logs | — |

azuremonitorlogs (Managed)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Query_Log_Analytics_for_Malware_log_exposures | post | /queryData | — |

recordedfutureidenti (Managed)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Credential_Search_-_Search_credential_data_for_one_or_more_domains | post | /credentials/search | — |

workflow (Built-in)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| RFI-add-EntraID-security-group-user | — | — | workflowId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-add-EntraID-security-group-user'))]; triggerName=manual |
| RFI-confirm-EntraID-risky-user | — | — | workflowId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-confirm-EntraID-risky-user'))]; triggerName=manual |
| RFI-lookup-and-save-user | — | — | workflowId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Logic/workflows/', parameters('Playbook-Name-lookup-and-save-user'))]; triggerName=manual |