Update-BulkIncidents

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

authors: Priscila Viana, Nathan Swift

Attribute	Value
Type	Playbook
Solution	Standalone Content
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuremonitorlogs`	Managed	1	1
`azuresentinel`	Managed	1	4

Action parameters (URLs, paths, function IDs)

`azuremonitorlogs` (Managed)

Action	Method	Endpoint	Other
SearchSecurityIncident	post	`/queryData`	—

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Change_incident_status_4	put	`/Case/@{encodeURIComponent(parameters('SentinelSubId'))}/@{encodeURIComponent(parameters('SentinelWorkspaceId'))}/@{encodeURIComponent(parameters('SentinelResourceGroup'))}/@{encodeURIComponent('Incident')}/@{encodeURIComponent(items('For_each_4')?['IncidentNumber'])}/Status/@{encodeURIComponent('Closed')}`	—
Change_incident_status	put	`/Case/@{encodeURIComponent(parameters('SentinelSubId'))}/@{encodeURIComponent(parameters('SentinelWorkspaceId'))}/@{encodeURIComponent(parameters('SentinelResourceGroup'))}/@{encodeURIComponent('Incident')}/@{encodeURIComponent(items('For_each')?['IncidentNumber'])}/Status/@{encodeURIComponent(triggerBody()?['bulkoperation']?['operationstatus'])}`	—
Change_incident_status_5	put	`/Case/@{encodeURIComponent(parameters('SentinelSubId'))}/@{encodeURIComponent(parameters('SentinelWorkspaceId'))}/@{encodeURIComponent(parameters('SentinelResourceGroup'))}/@{encodeURIComponent('Incident')}/@{encodeURIComponent(items('For_each_5'))}/Status/@{encodeURIComponent('Closed')}`	—
Change_incident_status_2	put	`/Case/@{encodeURIComponent(parameters('SentinelSubId'))}/@{encodeURIComponent(parameters('SentinelWorkspaceId'))}/@{encodeURIComponent(parameters('SentinelResourceGroup'))}/@{encodeURIComponent('Incident')}/@{encodeURIComponent(items('For_each_2'))}/Status/@{encodeURIComponent(triggerBody()?['bulkoperation']?['operationstatus'])}`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks