Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook will create an IBM Resilient incident from an Azure Sentinel incident. It will also add the Azure Sentinel Incident Entities as IBM Resilient Incident Artifacts.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Standalone Content |
| Source | View on GitHub |
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 3 |
Resilient-Incidents |
Custom | 1 | 5 |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Entities_-_Get_Accounts | post | /entities/account |
— |
| Entities_-_Get_Hosts | post | /entities/host |
— |
| Entities_-_Get_IPs | post | /entities/ip |
— |
Resilient-Incidents (Custom)| Action | Method | Endpoint | Other |
|---|---|---|---|
| create_IncidentArtifact | post | /incidents/@{encodeURIComponent(body('create_incident')?['id'])}/artifacts |
— |
| create_IncidentArtifact_2 | post | /incidents/@{encodeURIComponent(body('create_incident')?['id'])}/artifacts |
— |
| create_IncidentArtifact_3 | post | /incidents/@{encodeURIComponent(body('create_incident')?['id'])}/artifacts |
— |
| create_IncidentArtifact_4 | post | /incidents/@{encodeURIComponent(body('create_incident')?['id'])}/artifacts |
— |
| create_incident | post | /incidents |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊