Vectra Dynamic Assign Member To Group
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook allows users to filter the group list by providing a group type and a description. From the filtered list, users can choose a group and provide member details to add members to the group dynamically.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Vectra XDR |
| Source | View on GitHub |
Logic App Connectors
This playbook uses 5 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
keyvault |
Managed | 1 | 0 |
keyvault_3 |
Managed | 0 | 2 |
teams |
Managed | 1 | 1 |
http |
Built-in | 0 | 2 |
workflow |
Built-in | 0 | 2 |
Action parameters (URLs, paths, function IDs)
keyvault_3 (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Get_Access_Token_For_Groups_Data | get | /secrets/@{encodeURIComponent('Vectra-Access-Token')}/value |
— |
| Get_Access_Token_For_Assign_Members_To_Group | get | /secrets/@{encodeURIComponent('Vectra-Access-Token')}/value |
— |
teams (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Post_Message_For_No_Groups_Found | post | /beta/teams/conversation/message/poster/Flow bot/location/@{encodeURIComponent('Channel')} |
— |
http (Built-in)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| HTTP_Request_To_Fetch_Available_Groups | GET | @{variables('base_url')}/api/@{variables('api_version')}/groups |
— |
| HTTP_Request_To_Assign_Members_To_Group | PATCH | @{variables('base_url')}/api/@{variables('api_version')}/groups/@{variables('selected_group')} |
— |
workflow (Built-in)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| GenerateAccessTokenVectra | — | — | workflowId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/',resourceGroup().name,'/providers/Microsoft.Logic/workflows/',trim(parameters('GenerateAccessCredPlaybookName')))]triggerName= manual |
| GenerateAccessTokenVectra_2 | — | — | workflowId=[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/',resourceGroup().name,'/providers/Microsoft.Logic/workflows/',trim(parameters('GenerateAccessCredPlaybookName')))]triggerName= manual |
Additional Documentation
Vectra Dynamic Assign Members To Group
Summary
This playbook allows users to filter the group list by providing a group type and a description. From the filtered list, users can choose a group and provide member details to add members to the group dynamically.
Prerequisites
- Obtain Key Vault name and Tenant ID where client credentials are stored using which the access token will be generated.
- Create a Key Vault with a unique name.
- Go to Key Vaults → your Key Vault → Overview and copy Directory ID, which will be used as the tenant ID.
- NOTE: Ensure the Permission model in the Access Configuration of Key Vault is set to 'Vault access policy'.
- Obtain Teams GroupId and ChannelId.
- Create a Team with a public channel.
- Click on the three dots (...) next to your newly created Teams channel and select Get link to channel.
- Copy the text from the link between
/channeland/, decode it using an online URL decoder, and copy it to use as Channel ID. - Copy the text of the GroupId parameter from the link to use as GroupId.
- Ensure the VectraGenerateAccessToken playbook is deployed before deploying VectraDynamicAssignMembersToGroup playbook.
Deployment Instructions
- To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
- Fill in the required parameters:
- PlaybookName: Enter the playbook name here.
- KeyVaultName: Name of the Key Vault where secrets are stored.
- TenantId: Tenant ID where the Key Vault is located.
- BaseURL: Enter the base URL of your Vectra account.
- TeamsGroupId: Enter Id of the Teams Group where the adaptive card will be posted.
- TeamsChannelId: Enter Id of the Teams Channel where the adaptive card will be posted.
- GenerateAccessCredPlaybookName: Playbook name which is deployed as part of prerequisites.
Post-Deployment Instructions
a. Authorize connections
Once deployment is complete, authorize each connection.
- Go to your logic app → API connections → Select keyvault connection resource.
- Go to General → Edit API connection.
- Click Authorize.
- Sign in.
- Click Save.
- Repeat steps for other connections.
b. Add Access Policy in Key Vault
Add access policy for the playbook's managed identity and authorized user to read and write secrets of the Key Vault.
- Go to Logic App → your Logic App → Identity → System assigned Managed identity and copy Object (principal) ID.
- Go to Key Vaults → your Key Vault → Access policies → Create.
- Select all keys & secrets permissions. Click Next.
- In the principal section, search by copied Object ID. Click Next.
- Click Review + Create.
- Repeat steps 2 to 5 to add access policy for the user account used to authorize the connection.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊