TacitRed to SentinelOne IOC Automation



This playbook fetches compromised credential findings from TacitRed threat intelligence and creates corresponding IOC indicators in SentinelOne for automated threat response.

| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | TacitRed-SentinelOne |
| Source | View on GitHub |

Logic App Connectors

This playbook uses 1 Logic App connector / built-in action:

| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
| http | Built-in | 0 | 2 |

Action parameters (URLs, paths, function IDs)

http (Built-in)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Get_TacitRed_Findings | GET | `@{parameters('TacitRed_ApiUrl')}?types[]=compromised_credentials&date_from=@{formatDateTime(addDays(utcNow(), -7), 'yyyy-MM-dd')}&page=1&page_size=100` | |
| Post_IOC_to_SentinelOne | POST | `@{parameters('SentinelOne_BaseUrl')}/web/api/v2.1/threat-intelligence/iocs` | |
