TacitRed to CrowdStrike IOC Automation



This playbook fetches compromised credential findings from TacitRed threat intelligence and creates corresponding IOC indicators in CrowdStrike Falcon for automated threat response.

| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | TacitRed-IOC-CrowdStrike |
| Source | View on GitHub |

Logic App Connectors

This playbook uses 1 Logic App connector / built-in action:

| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
| http | Built-in | 0 | 3 |

Action parameters (URLs, paths, function IDs)

http (Built-in)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Get_TacitRed_Findings | GET | `@{parameters('TacitRed_ApiUrl')}?types[]=compromised_credentials&page=1&page_size=50` | |
| Get_CrowdStrike_Token | POST | `@{parameters('CrowdStrike_BaseUrl')}@{parameters('CrowdStrike_TokenPath')}` | |
| Post_IOC_to_CrowdStrike | POST | `@{parameters('CrowdStrike_BaseUrl')}@{parameters('CrowdStrike_IocPath')}?ignore_warnings=true` | |
