AS-Sign-Out-Google-User
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Content Index
This playbook is intended to be run from a Microsoft Sentinel Incident. It will look up the Google Users associated with the Incident Account Entities and sign them out of all Google web and device sessions. This action also resets user sign-in cookies and forces them reauthenticate. A comment noting the affected Google Users will be added to the Incident.
| Attribute |
Value |
| Type |
Playbook |
| Solution |
Standalone Content |
| Source |
View on GitHub |
Logic App Connectors
This playbook uses 4 Logic App connectors / built-in actions:
Action parameters (URLs, paths, function IDs)
| Action |
Method |
Endpoint |
Other |
| Add_comment_to_incident_(V3)_-_Affected_Google_Users |
post |
/Incidents/Comment |
— |
| Add_comment_to_incident_(V3)_-_No_Affected_Google_Users |
post |
/Incidents/Comment |
— |
| Entities_-_Get_Accounts |
post |
/entities/account |
— |
| Action |
Method |
Endpoint |
Other |
| Get_secret_-_Google_Service_Account_Private_Key |
get |
[concat('/secrets/@{encodeURIComponent(''', parameters('SecretName'), ''')}/value')] |
— |
| Action |
Method |
Endpoint |
Other |
| CreateGoogleJWT |
— |
— |
functionId=[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name ,'/providers/Microsoft.Web/sites/', parameters('FunctionAppName'), '/functions/CreateGoogleJWT')] |
http (Built-in)
| Action |
Method |
Endpoint |
Other |
| HTTP_-_Sign_Out_User |
POST |
https://admin.googleapis.com/admin/directory/v1/users/@{concat(items('For_each_-_Account')?['name'], '@', items('For_each_-_Account')?['UPNSuffix'])}/signOut |
— |
| HTTP_-_Access_Token |
POST |
https://oauth2.googleapis.com/token |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Playbooks