Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Author: Yaniv Shasha This Logic App act as listener for a incident close event in ServiceNow and will close the incident in Sentinel.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Standalone Content |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
SecurityIncident |
✓ | ✗ | ✓ |
The following connectors provide data for this content item:
| Connector | Solution |
|---|---|
| DerdackSIGNL4 | SIGNL4 |
Solutions: SIGNL4
This playbook uses 3 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuremonitorlogs |
Managed | 1 | 1 |
azuresentinel |
Managed | 1 | 1 |
http |
Built-in | 0 | 2 |
azuremonitorlogs (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Run_query_and_list_results | post | /queryData |
— |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Add_comment_to_incident_(V2) | put | /Comment/@{encodeURIComponent(body('Parse_JSON_2')?['value']?[0]['SubId'])}/@{encodeURIComponent(body('Parse_JSON_2')?['value']?[0]['WorkspaceID'])}/@{encodeURIComponent(body('Parse_JSON_2')?['value']?[0]['RG'])}/@{encodeURIComponent('Incident')}/@{encodeURIComponent(body('Parse_JSON_2')?['value']?[0]['IncidentNumber'])} |
— |
http (Built-in)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Close_Incident_ | PUT | https://management.azure.com/subscriptions/@{body('Parse_JSON_2')?['value']?[0]['SubId']}/resourceGroups/@{body('Parse_JSON_2')?['value']?[0]['RG']}/providers/Microsoft.OperationalInsights/workspaces/@{body('Parse_JSON_2')?['value']?[0]['WorkspaceName']}/providers/Microsoft.SecurityInsights/incidents/@{body('Parse_JSON_2')?['value']?[0]['IncidentName']}/?api-version=2020-01-01 |
— |
| GEt_incident_-_bring_fresh_Etag | GET | https://management.azure.com/subscriptions/@{body('Parse_JSON_2')?['value']?[0]['SubId']}/resourceGroups/@{body('Parse_JSON_2')?['value']?[0]['RG']}/providers/Microsoft.OperationalInsights/workspaces/@{body('Parse_JSON_2')?['value']?[0]['WorkspaceName']}/providers/Microsoft.SecurityInsights/incidents/@{body('Parse_JSON_2')?['value']?[0]['IncidentName']}/?api-version=2020-01-01 |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊