GreyNoise-IP-Enrichment

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Content Index

author: Nathan Swift

Attribute Value
Type Playbook
Solution Standalone Content
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
GreyNoiseIPContext_CL ? ?
GreyNoiseIPRIOT_CL ? ?

Logic App Connectors

This playbook uses 4 Logic App connectors / built-in actions:

Connector / Action Type Connections Actions
azureloganalyticsdatacollector Managed 1 2
azuremonitorlogs Managed 1 5
azuresentinel Managed 1 5
http Built-in 0 2
Action parameters (URLs, paths, function IDs)

azureloganalyticsdatacollector (Managed)

Action Method Endpoint Other
Send_IPContext_Data_to_Sentinel post /api/logs
Send_RIOT_Data_to_Sentinel post /api/logs

azuremonitorlogs (Managed)

Action Method Endpoint Other
Run_query_and_visualize_results_IP_Detail post /visualizeQuery
Run_query_and_visualize_results_IP_Geo post /visualizeQuery
Run_query_and_visualize_results_IP_Main post /visualizeQuery
Run_query_and_visualize_results_IP_RIOT post /visualizeQuery
KQLRFC1918Check post /queryData

azuresentinel (Managed)

Action Method Endpoint Other
Add_comment_to_incident_(V3)_4 post /Incidents/Comment
Update_incident put /Incidents
Add_comment_to_incident_(V3)_2 post /Incidents/Comment
Add_comment_to_incident_(V3) post /Incidents/Comment
Update_incident_2 put /Incidents

http (Built-in)

Action Method Endpoint Other
GreyNoise_IP_Context GET https://api.greynoise.io/v2/noise/context/@{items('For_each_IP_Entity')}
GreyNoise_RIOT GET https://api.greynoise.io/v2/riot/@{items('For_each_IP_Entity')}

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Playbooks