| AD4IoT-CVEAutoWorkflow |
IoTOTThreatMonitoringwithDefenderforIoT |
1 |
0 |
| AD4IoT-MailByProductionLine |
IoTOTThreatMonitoringwithDefenderforIoT |
1 |
1 |
| AD4IoT-MailByProductionLine |
๐ GitHub Only |
1 |
1 |
| AD4IoT-SendEmailtoIoTOwner |
IoTOTThreatMonitoringwithDefenderforIoT |
2 |
0 |
| ADX-health-playbook |
๐ GitHub Only |
1 |
1 |
| AS-Incident-Response-Approval-Email |
๐ Standalone |
1 |
0 |
| AS-Incident-Spiderfoot-Scan |
๐ Standalone |
1 |
1 |
| AutoConnect-ASCSubscriptions |
๐ Standalone |
1 |
1 |
| Block AAD user or admin - Alert |
๐ Standalone |
1 |
3 |
| Block AAD user or admin - incident |
๐ Standalone |
1 |
3 |
| Block Entra ID user - Incident |
Microsoft Entra ID |
1 |
1 |
| Block Microsoft Entra ID user - Alert |
Microsoft Entra ID |
1 |
1 |
| Block Microsoft Entra ID user - Entity trigger |
Microsoft Entra ID |
1 |
1 |
| Block_IPs_on_MDATP_Using_GraphSecurity |
๐ Standalone |
1 |
0 |
| BlockADOnPremUser |
๐ Standalone |
1 |
2 |
| ConnectorHealthApp |
๐ GitHub Only |
1 |
1 |
| Create Incident From Microsoft Forms Response |
SentinelSOARessentials |
1 |
2 |
| Create Incident From Shared Mailbox |
SentinelSOARessentials |
1 |
3 |
| Create-Incident-Logic-App |
๐ Standalone |
1 |
0 |
| credential-warning |
Flare |
1 |
1 |
| Dataverse: Add user to blocklist using Outlook approval workflow |
Microsoft Business Applications |
1 |
0 |
| Dataverse: Send notification to manager |
Microsoft Business Applications |
1 |
0 |
| Export-Incidents-With-Comments-Report |
๐ Standalone |
1 |
1 |
| FileHash Enrichment - Palo Alto Wildfire |
๐ Standalone |
1 |
1 |
| Generate-Incident-Logic-App |
๐ Standalone |
1 |
0 |
| Get-GeoFromIPandTagIncident-EmailAlertBasedonGeo |
๐ GitHub Only |
1 |
1 |
| IdentityProtection-EmailResponse |
๐ Standalone |
1 |
0 |
| Illumio Containment Switch Playbook |
IllumioSaaS |
1 |
0 |
| Illumio Get Ven Details Playbook |
IllumioSaaS |
1 |
1 |
| Illumio Workload Quarantine Playbook |
IllumioSaaS |
1 |
0 |
| Incident Assignment Shifts |
SentinelSOARessentials |
1 |
1 |
| Infoblox Incident Send Email |
Infoblox Cloud Data Connector |
1 |
0 |
| Ingestion Cost Alert Playbook |
๐ Standalone |
1 |
0 |
| Isolate-AzureStorageAccount |
๐ Standalone |
1 |
0 |
| Isolate-AzureVMtoNSG |
๐ Standalone |
1 |
0 |
| JoeSandbox File Analyis |
JoeSandbox |
1 |
2 |
| Logic Apps Custom Connector and Playbook templates - HaveIBeenPwned |
๐ Standalone |
1 |
1 |
| Logic Apps Custom Connector and Playbook templates - Palo Alto Wildfire and PAN-OS |
๐ Standalone |
1 |
1 |
| Needs-Review-Incident-Email-Notification |
Armorblox |
1 |
1 |
| new-inc-notification |
๐ Standalone |
1 |
1 |
| Notify When Incident Is Closed |
SentinelSOARessentials |
1 |
1 |
| Notify When Incident Is Reopened |
SentinelSOARessentials |
1 |
1 |
| Notify When Incident Severity Changed |
SentinelSOARessentials |
1 |
1 |
| Notify-ASCAlertAzureResource |
๐ Standalone |
1 |
1 |
| Notify-GovernanceComplianceTeam |
AzureSecurityBenchmark |
1 |
1 |
| Notify-GovernanceComplianceTeam |
ZeroTrust(TIC3.0) |
1 |
1 |
| Notify-InsiderRiskTeam |
MicrosoftPurviewInsiderRiskManagement |
1 |
1 |
| Notify-LogManagementTeam |
MaturityModelForEventLogManagementM2131 |
1 |
1 |
| Notify_GovernanceComplianceTeam |
CybersecurityMaturityModelCertification(CMMC)2.0 |
1 |
1 |
| Notify_GovernanceComplianceTeam |
NISTSP80053 |
1 |
1 |
| Prompt User - Alert |
Microsoft Entra ID |
1 |
0 |
| Prompt User - Incident |
Microsoft Entra ID |
1 |
0 |
| Reset Microsoft Entra ID User Password - Alert Trigger |
Microsoft Entra ID |
1 |
1 |
| Reset Microsoft Entra ID User Password - Entity trigger |
Microsoft Entra ID |
1 |
1 |
| Reset Microsoft Entra ID User Password - Incident Trigger |
Microsoft Entra ID |
1 |
1 |
| Response on Teams - HaveIBeenPwned |
๐ Standalone |
1 |
1 |
| Revoke Entra ID SignIn Sessions - incident trigger |
Microsoft Entra ID |
1 |
1 |
| Revoke-Entra ID SignInSessions alert trigger |
Microsoft Entra ID |
1 |
1 |
| Security workflow: alert verification with workload owners |
Microsoft Business Applications |
1 |
3 |
| Send basic email |
SentinelSOARessentials |
1 |
1 |
| Send Email - HaveIBeenPwned |
๐ Standalone |
1 |
0 |
| Send email with formatted incident report |
SentinelSOARessentials |
1 |
1 |
| Send incident email with XDR Portal links |
SentinelSOARessentials |
1 |
1 |
| Send Ingestion Cost Anomaly Alert |
๐ Standalone |
1 |
1 |
| Send Unhealthy Azure Arc Resource Alert |
๐ Standalone |
1 |
1 |
| Send-AnalyticalRulesHealthNotifications |
๐ Standalone |
1 |
1 |
| SendEmailonRSAIDPlusAlert |
RSAIDPlus_AdminLogs_Connector |
1 |
1 |
| TritonPlayook |
๐ GitHub Only |
1 |
2 |
| Update-VIPUsers-Watchlist-from-AzureAD-Group |
๐ Standalone |
1 |
0 |
| VMRay Email Attachment Analyis |
VMRay |
1 |
1 |
| Watchlists - Inform Subscription Owner |
Watchlists Utilities |
1 |
1 |