Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook uses the SOCRA Watchlist to automatically enrich incidents generated by Microsoft Sentinel with Tasks to review and take. Tasks will be evaluated per Customer Organization and edited/modified per their standards of conduct.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Standalone Content |
| Source | View on GitHub |
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuremonitorlogs |
Managed | 1 | 3 |
azuresentinel |
Managed | 1 | 5 |
azuremonitorlogs (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Run_query_and_list_results_V2 | post | /queryDataV2 |
— |
| Run_query_and_list_results_V2_2 | post | /queryDataV2 |
— |
| Run_query_and_list_results | post | /queryData |
— |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Alert_-_Get_incident | get | /Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])} |
— |
| Add_comment_to_incident_(V3) | post | /Incidents/Comment |
— |
| Add_task_to_incident | post | /Incidents/CreateTask |
— |
| Add_comment_to_incident_(V3)_2 | post | /Incidents/Comment |
— |
| Add_task_to_incident_2 | post | /Incidents/CreateTask |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊