AS-IP-Blocklist-HTTP
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Content Index
This playbook is intended to be triggered from an Azure Logic App master playbook. It will add the IP address from Microsoft Sentinel Incidents to a Microsoft Azure Conditional Access Named Locations list, signifying compromised IP addresses.
| Attribute |
Value |
| Type |
Playbook |
| Solution |
Standalone Content |
| Source |
View on GitHub |
Logic App Connectors
This playbook uses 3 Logic App connectors / built-in actions:
Action parameters (URLs, paths, function IDs)
| Action |
Method |
Endpoint |
Other |
| Add_comment_to_incident_(V3) |
post |
/Incidents/Comment |
— |
| Action |
Method |
Endpoint |
Other |
| Get_Secret |
get |
[concat('/secrets/@{encodeURIComponent(''', parameters('SecretName'), ''')}/value')] |
— |
http (Built-in)
| Action |
Method |
Endpoint |
Other |
| HTTP-_Add_IP_to_Named_Locations_List |
PATCH |
[concat('https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations/', parameters('NamedLocationsListID'))] |
— |
| HTTP_-_Get_Previous_List_Values |
GET |
[concat('https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations/', parameters('NamedLocationsListID'))] |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Playbooks