CDC_Dismiss_Upstream_Events
author: Bridewell Consulting - Robert Kitching
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Standalone Content |
| Source | View on GitHub |
Tables Used
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| SecurityAlert | SystemAlertId == "@{items(" | ✓ | ✗ | ✓ |
Logic App Connectors
This playbook uses 4 Logic App connectors / built-in actions:
Action parameters (URLs, paths, function IDs)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Run_query_and_list_results_2 | post | /queryData | — |

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Run_query_and_list_results | post | /queryData | — |
| Run_query_and_list_results_3 | post | /queryData | — |

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Alerts_-_Update_alert | patch | /api/alerts/@{encodeURIComponent('body(''Run_query_and_list_results_2'')[''value''][0][''VendorOriginalId'']')} | — |
http (Built-in)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Get_incident_relation_data | GET | https://management.azure.com/subscriptions/@{variables('Settings')['subscriptionId']}/resourcegroups/@{variables('Settings')['resourceGroup']}/providers/Microsoft.OperationalInsights/workspaces/@{variables('Settings')['logWorkspace']}/providers/Microsoft.SecurityInsights/incidents/@{items('For_each')['name']}/relations | — |
| HTTP | POST | https://management.azure.com/subscriptions/@{body('Run_query_and_list_results')['value'][0]['ascsubid']}/resourcegroups/@{body('Run_query_and_list_results')['value'][0]['ascrgname']}/providers/Microsoft.Security/locations/@{body('Run_query_and_list_results')['value'][0]['asclocation']}/alerts/@{body('Run_query_and_list_results')['value'][0]['ascalertname']}/dismiss | — |
| Resolve_MCAS_Alert | POST | [concat(parameters('McasBaseUrl'),'api/v1/alerts/resolve/')] | — |
| Dismiss_MCAS_Alert | POST | [concat(parameters('McasBaseUrl'),'api/v1/alerts/','@{body(''Run_query_and_list_results_3'')[''value''][0][''alertId'']}','/dismiss/')] | — |
| Get_incidents | GET | @variables('requestUrl') | — |