Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook will enrich a Sentinel Incident with pulse information from AlienVault OTX. If any pulses are found the Incident will also be tagged and the severity raised to High.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Standalone Content |
| Source | View on GitHub |
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 9 |
http |
Built-in | 0 | 4 |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Add_comment_to_incident_(V3)_-_Domain_TI | post | /Incidents/Comment |
— |
| Add_comment_to_incident_(V3)_-_File_TI | post | /Incidents/Comment |
— |
| Add_comment_to_incident_(V3)_-_IP_TI | post | /Incidents/Comment |
— |
| Add_comment_to_incident_(V3)_-_URL_TI | post | /Incidents/Comment |
— |
| Entities_-_Get_FileHashes | post | /entities/filehash |
— |
| Entities_-_Get_IPs | post | /entities/ip |
— |
| Entities_-_Get_URLs | post | /entities/url |
— |
| Update_incident_-_Raise_Severity_and_Tag | put | /Incidents |
— |
| Update_incident__-_Tag | put | /Incidents |
— |
http (Built-in)| Action | Method | Endpoint | Other |
|---|---|---|---|
| HTTP_-_OTX_Domain | GET | https://otx.alienvault.com/api/v1/indicators/domain/@{items('For_each_Domain')['properties']['domainName']}/general |
— |
| HTTP_-_OTX_File | GET | https://otx.alienvault.com/api/v1/indicators/file/@{items('For_each_FileHash')?['Value']} |
— |
| HTTP_-_OTX_IP | GET | https://otx.alienvault.com//api/v1/indicators/IPv4/@{items('For_each_IP')?['Address']} |
— |
| HTTP_-_OTX_URL | GET | https://otx.alienvault.com/api/v1/indicators/url/@{encodeUriComponent(items('For_each_URL')?['Url'])}/general |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊