This playbook is designed to ingest Threat Intelligence Indicators of Compromise (IOCs) from the MISP-Forwarder playbooks and send them in the correct form to your MISP server. It creates a new MISP event for each incident in Defender and adds information to that event.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Standalone Content |
| Source | View on GitHub |
This playbook uses 1 Logic App connector / built-in action:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
| http | Built-in | 0 | 9 |
http (Built-in)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Add_IoC_to_existing_event_MISP_-_FileHash | POST | @{variables('MISPURI')}/attributes/add/@{variables('EventId')} | — |
| Add_IoC_to_existing_event_MISP_-_FileName | POST | @{variables('MISPURI')}/attributes/add/@{variables('EventId')} | — |
| Add_attribute_-_IncidentID_internal_only | POST | @{variables('MISPURI')}/attributes/add/@{variables('EventId')} | — |
| Add_attribute_-_IncidentUri_link_internal_only | POST | @{variables('MISPURI')}/attributes/add/@{variables('EventId')} | — |
| Add_event_tag_MISP_-_tlp_green | POST | @{variables('MISPURI')}/events/addTag/@{variables('EventId')}/10789 | — |
| Add_IoC_to_new_event_MISP_-_FileHash | POST | @{variables('MISPURI')}/attributes/add/@{variables('EventId')} | — |
| Add_IoC_to_new_event_MISP_-_FileName | POST | @{variables('MISPURI')}/attributes/add/@{variables('EventId')} | — |
| Create_new_event_MISP | POST | @{variables('MISPURI')}/events/add/ | — |
| Get_EventInfo_MISP | POST | @{variables('MISPURI')}/events/restSearch | — |