Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook uses the RiskIQ PassiveTotal connector to automatically enrich incidents generated by Microsoft Sentinel. RiskIQ intelligence provides analyst with deeper context around vulnerabilities, threat actors, their campaigns or other noteworthy context found from analyzing the Internet. Analysts can leverage this playbook to add context to indicators found within incidents. Each comment added to the incident will link to a more detailed intelligence card from RiskIQ.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | RiskIQ |
| Source | View on GitHub |
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 5 |
riskiqpassivetotal |
Managed | 1 | 2 |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Alert_-_Get_incident | get | /Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])} |
— |
| Entities_-_Get_Hosts | post | /entities/host |
— |
| Entities_-_Get_IPs | post | /entities/ip |
— |
| Add_comment_to_incident_(V3)_2 | post | /Incidents/Comment |
— |
| Add_comment_to_incident_(V3) | post | /Incidents/Comment |
— |
riskiqpassivetotal (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Get_articles_by_indicator_host | get | /articles/indicator |
— |
| Get_articles_by_indicator_ip | get | /articles/indicator |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊