Solution: Watchlists Utilities
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com/ |
| Categories | domains |
| Version | 2.0.1 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-05-23 |
| Solution Folder | Watchlists Utilities |
| Marketplace | Azure Marketplace · Popularity: 🔵 Medium (76%) |

The Watchlist Utilities solution for Microsoft Sentinel contains playbooks that help automate watchlist usage and integrate it with incident management. The use cases include adding entities (Hosts, IP, URL, User, etc.) to Microsoft Sentinel Watchlists and incident management.
This solution does not include data connectors.
This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.
This solution includes 12 content item(s):
| Content Type | Count |
|---|---|
| Playbooks | 12 |

| Name | Description | Tables Used |
|---|---|---|
| Add Host To Watchlist - Alert Trigger | This playbook will add a host entity from the alert to a new or existing watchlist. | - |
| Add Host To Watchlist - Incident Trigger | This playbook will add a Host entity to a new or existing watchlist. | - |
| Add IP To Watchlist - Alert Trigger | This playbook will add an IP entity from the alert to a new or existing watchlist. | - |
| Add IP To Watchlist - Incident Trigger | This playbook will add an IP entity to a new or existing watchlist. | - |
| Add URL To Watchlist - Alert Trigger | This playbook will add a URL entity from the alert to a new or existing watchlist. | - |
| Add URL To Watchlist - Incident Trigger | This playbook will add a URL entity to a new or existing watchlist. | - |
| Add User To Watchlist - Alert Trigger | This playbook will add a user entity from the alert to a new or existing watchlist. | - |
| Add User To Watchlist - Incident Trigger | This playbook will add a User entity to a new or existing watchlist. | - |
| Watchlist - Change Incident Severity and Title if User VIP - Alert Trigger | This playbook leverages Microsoft Sentinel Watchlists in order to adapt the incidents severity which... | - |
| Watchlist - Change Incident Severity and Title if User VIP - Incident Trigger | This playbook leverages Microsoft Sentinel Watchlists in order to adapt the incidents severity which... | - |
| Watchlist - close incidents with safe IPs | This playbook leverages Microsoft Sentinel Watchlists in order to close incidents which include IP a... | - |
| Watchlists - Inform Subscription Owner | This playbook leverages Microsoft Sentinel Watchlists in order to get the relevant subscription owne... | - |