Update Watchlist - CVE IPs by GreyNoise

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook uses the GreyNoise API to search for interesting IPs discovered in the last day tagged per each CVE found in the mode you setup.

Attribute	Value
Type	Playbook
Solution	Standalone Content
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	5
`http`	Built-in	0	5

Action parameters (URLs, paths, function IDs)

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Watchlists_-_Add_a_new_watchlist_item_4	put	`/Watchlists/subscriptions/@{encodeURIComponent(parameters('SentinelSubscriptionId'))}/resourceGroups/@{encodeURIComponent(parameters('SentinelRGName'))}/workspaces/@{encodeURIComponent(parameters('SentinelWorkspaceID'))}/watchlists/@{encodeURIComponent('GreyNoiseIPsbyCVEs')}/watchlistItem`	—
Watchlists_-_Add_a_new_watchlist_item_3	put	`/Watchlists/subscriptions/@{encodeURIComponent(parameters('SentinelSubscriptionId'))}/resourceGroups/@{encodeURIComponent(parameters('SentinelRGName'))}/workspaces/@{encodeURIComponent(parameters('SentinelWorkspaceID'))}/watchlists/@{encodeURIComponent('GreyNoiseIPsbyCVEs')}/watchlistItem`	—
Watchlists_-_Add_a_new_watchlist_item	put	`/Watchlists/subscriptions/@{encodeURIComponent(parameters('SentinelSubscriptionId'))}/resourceGroups/@{encodeURIComponent(parameters('SentinelRGName'))}/workspaces/@{encodeURIComponent(parameters('SentinelWorkspaceID'))}/watchlists/@{encodeURIComponent('GreyNoiseIPsbyCVEs')}/watchlistItem`	—
Watchlists_-_Add_a_new_watchlist_item_2	put	`/Watchlists/subscriptions/@{encodeURIComponent(parameters('SentinelSubscriptionId'))}/resourceGroups/@{encodeURIComponent(parameters('SentinelRGName'))}/workspaces/@{encodeURIComponent(parameters('SentinelWorkspaceID'))}/watchlists/@{encodeURIComponent('GreyNoiseIPsbyCVEs')}/watchlistItem`	—
Watchlists_-_Get_all_watchlist_Items_for_a_given_watchlist	get	`/Watchlists/subscriptions/@{encodeURIComponent(parameters('SentinelSubscriptionId'))}/resourceGroups/@{encodeURIComponent(parameters('SentinelRGName'))}/workspaces/@{encodeURIComponent(parameters('SentinelWorkspaceID'))}/watchlists/@{encodeURIComponent('GreyNoiseCVEs')}/watchlistItems`	—

`http` (Built-in)

Action	Method	Endpoint	Other
GetGreyNoiseCVEIPs4	GET	`https://api.greynoise.io/v2/experimental/gnql?query=@{items('For_each_6')?['id']}%20AND%20last_seen%3A@{parameters('LookBack')}`	—
GetCVEsFromMDE	GET	`https://api.securitycenter.microsoft.com/api/Vulnerabilities?$filter=publishedOn+ge+@{body('Get_past_time')}`	—
GetGreyNoiseCVEIPs3	GET	`https://api.greynoise.io/v2/experimental/gnql?query=@{items('For_each_4')}%20AND%20last_seen%3A@{parameters('LookBack')}`	—
GetGreyNoiseCVEIPs	GET	`https://api.greynoise.io/v2/experimental/gnql?query=CVE-2022-22947%20AND%20last_seen%3A@{parameters('LookBack')}`	—
GetGreyNoiseCVEIPs2	GET	`https://api.greynoise.io/v2/experimental/gnql?query=@{items('For_each_2')?['properties.itemsKeyValue']?['CVE']}%20AND%20last_seen%3A@{parameters('LookBack')}`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks