AS-Import-Azure-AD-Group-Users-to-MS-Watchlist

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook is intended to be run on a schedule. It will add the users from a specified Azure Active Directory group to a Microsoft Sentinel watchlist.

Attribute	Value
Type	Playbook
Solution	Standalone Content
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuread`	Managed	1	1
`azuresentinel`	Managed	1	2

Action parameters (URLs, paths, function IDs)

`azuread` (Managed)

Action	Method	Endpoint	Other
Get_group_members	get	`[concat('/v1.0/groups/@{encodeURIComponent(''', parameters('GroupId'), ''')}/members')]`	—

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Watchlists_-_Add_a_new_watchlist_item	put	`[concat('/Watchlists/subscriptions/@{encodeURIComponent(''', subscription().subscriptionId, ''')}/resourceGroups/@{encodeURIComponent(''', resourceGroup().name, ''')}/workspaces/@{encodeURIComponent(''', parameters('WorkspaceId'), ''')}/watchlists/@{encodeURIComponent(''', parameters('WatchlistName'), ''')}/watchlistItem')]`	—
Watchlists_-_Get_all_watchlist_Items_for_a_given_watchlist	get	`[concat('/Watchlists/subscriptions/@{encodeURIComponent(''', subscription().subscriptionId, ''')}/resourceGroups/@{encodeURIComponent(''', resourceGroup().name, ''')}/workspaces/@{encodeURIComponent(''', parameters('WorkspaceId'), ''')}/watchlists/@{encodeURIComponent(''', parameters('WatchlistName'), ''')}/watchlistItems')]`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks

AS-Import-Azure-AD-Group-Users-to-MS-Watchlist

Logic App Connectors

azuread (Managed)

azuresentinel (Managed)

`azuread` (Managed)

`azuresentinel` (Managed)