ServiceNow TISC Incident Enrichment



This playbook leverages the ServiceNow TISC API to enrich IP, Domain, URL, and Hash indicators found in Microsoft Sentinel incidents. The enrichment content will be posted as a comment in the Microsoft Sentinel incident.

| Attribute | Value |
| --- | --- |
| Type | Playbook |
| Solution | ServiceNow TISC |
| Source | View on GitHub |

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

| Connector / Action | Type | Connections | Actions |
| --- | --- | --- | --- |
| azuresentinel | Managed | 1 | 1 |
| ServiceNowTISCCustomConnector | Custom | 1 | 1 |

Action parameters (URLs, paths, function IDs)

azuresentinel (Managed)

| Action | Method | Endpoint | Other |
| --- | --- | --- | --- |
| Add_comment_to_incident_(V3) | post | /Incidents/Comment | |

ServiceNowTISCCustomConnector (Custom)

| Action | Method | Endpoint | Other |
| --- | --- | --- | --- |
| Fetch_Observables_TISC_API | post | /api/sn_sec_tisc/threat_intel_data/observables | |
