Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook is intended to be run from a Microsoft Sentinel incident. If any IP entities are found to match those in a specified watchlist containing a list of subnets, a comment noting this match will be added to the incident and the incident will be tagged with a label of your choosing.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Standalone Content |
| Source | View on GitHub |
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuremonitorlogs |
Managed | 1 | 1 |
azuresentinel |
Managed | 1 | 3 |
azuremonitorlogs (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Run_query_and_list_results | post | /queryData |
— |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Add_comment_to_incident_(V3) | post | /Incidents/Comment |
— |
| Update_incident | put | /Incidents |
— |
| Entities_-_Get_IPs | post | /entities/ip |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊