Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook is intended to be run from a Microsoft Sentinel incident. It will match the hosts from an incident with machines in Microsoft Defender and tag those machines as compromised.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Standalone Content |
| Source | View on GitHub |
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 1 |
wdatp |
Managed | 1 | 2 |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Entities_-_Get_Hosts | post | /entities/host |
— |
wdatp (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Machines_-_Tag_Machine | post | /api/machines/@{encodeURIComponent(items('For_Each_-_Machine')?['id'])}/tags |
— |
| Machines_-_Get_List_of_Machines | get | /api/machines |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊