Enrich file hash entities - Intezer Analyze

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Content Index

This playbook will enrich a Sentinel Incident with hash information from Intezer Analyze.

Attribute Value
Type Playbook
Solution Standalone Content
Source View on GitHub

Logic App Connectors

This playbook uses 4 Logic App connectors / built-in actions:

Connector / Action Type Connections Actions
azuresentinel Managed 1 5
keyvault Managed 1 1
Intezer-Analyze-Community Custom 1 1
http Built-in 0 1
Action parameters (URLs, paths, function IDs)

azuresentinel (Managed)

Action Method Endpoint Other
Add_comment_to_incident_(V3) post /Incidents/Comment
Update_incident_2 put /Incidents
Update_incident put /Incidents
Entities_-_Get_FileHashes post /entities/filehash
Update_incident_-_quota_limit put /Incidents

keyvault (Managed)

Action Method Endpoint Other
Get_secret_intezer_api_key get /secrets/@{encodeURIComponent('malware-intezer-api-key')}/value

Intezer-Analyze-Community (Custom)

Action Method Endpoint Other
Get_access_token post /api/v2-0/get-access-token

http (Built-in)

Action Method Endpoint Other
HTTP_-_get_latest_analysis GET https://analyze.intezer.com/api/v2-0/files/@{body('Parse_JSON_FileHash')?['hashValue']}

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Playbooks