Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook will get IP, File and Domain statistics from Microsoft Defender for Endpoint and them to a comment on the Incident in Azure Sentinel.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Standalone Content |
| Source | View on GitHub |
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 5 |
wdatp |
Managed | 1 | 3 |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Entities_-_Get_FileHashes | post | /entities/filehash |
— |
| Entities_-_Get_IPs | post | /entities/ip |
— |
| Add_comment_to_incident_(V3) | post | /Incidents/Comment |
— |
| Add_comment_to_incident_(V3)_3 | post | /Incidents/Comment |
— |
| Add_comment_to_incident_(V3)_2 | post | /Incidents/Comment |
— |
wdatp (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Ips_-_Get_the_statistics_for_the_given_ip_address | get | /api/ips/@{encodeURIComponent(items('For_each')?['Address'])}/stats |
— |
| Domains_-_Get_the_statistics_for_the_given_domain_name | get | /api/domains/@{encodeURIComponent(items('For_each_2')?['DnsDomain'])}/stats |
— |
| Files_-_Get_the_statistics_for_the_given_file | get | /api/files/@{encodeURIComponent(items('For_each_3')?['Value'])}/stats |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊