SpectraAnalyze-EnrichNetworkEntities

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook will enrich a network entities (IP addresses, URLs, and domain names) with information from a Spectra Analyze appliance. A comment will be added to the incident with details about the entity.

Attribute	Value
Type	Playbook
Solution	ReversingLabs
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	6
`reversinglabsa1000`	Managed	1	3

Action parameters (URLs, paths, function IDs)

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Add_comment_to_incident_(V3)_1	post	`/Incidents/Comment`	—
Add_comment_to_incident_(V3)_2	post	`/Incidents/Comment`	—
Add_comment_to_incident_(V3)	post	`/Incidents/Comment`	—
Entities_-_Get_DNS	post	`/entities/dnsresolution`	—
Entities_-_Get_IPs	post	`/entities/ip`	—
Entities_-_Get_URLs	post	`/entities/url`	—

`reversinglabsa1000` (Managed)

Action	Method	Endpoint	Other
Retrieve_information_for_a_URL_1	get	`/api/network-threat-intel/url/`	—
Retrieve_information_for_a_domain_1	get	`/api/network-threat-intel/domain/@{encodeURIComponent(item()?['DomainName'])}/`	—
Retrieve_information_for_an_IP_address_1	get	`/api/network-threat-intel/ip/@{encodeURIComponent(item()?['Address'])}/report/`	—

Additional Documentation

📄 Source: SpectraAnalyze-EnrichNetworkEntities/readme.md

Author: Aaron Hoffmann (ReversingLabs)

Summary

This playbook enriches network entities (IP addresses, URLs, and domains) with information from a ReversingLabs Spectra Analyze (formerly A1000) appliance.