Forum Discussion
Smittydude8822
Aug 05, 2022 · Copper Contributor
Malicious Domain Push to Other Services
Hi All! I am looking for a way to automate pushing malicious domains found in Sentinel to other services such as O365, Zscaler and INKY. I believe that there is potential to use Logic Apps, but I...
raindropsdev
Aug 08, 2022 · Iron Contributor
Well, for external services the easiest will be a logic app triggered by an incident/alert automation rule which connects to those services that have an API with a PUT call to add those URLs to those services, though the actual syntax will depend on that service. Make sure you integrate the key vault for the secrets required to connect to the external services.
That said, as this is very early in the project lifetime I feel that this is more of a general architecture to be discussed with a specialized consultant rather than asked in a general forum like this that is more focused on specific issues.
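The flow suggested in the reply above, sketched in Python as an added example that is not part of the original thread or any vendor's code: pull domains out of incident entities, skip ones that must never be blocked, and build the PUT calls with a secret fetched at run time. The endpoint URL, secret name, never-block list, request body and the entity shape are assumptions; `get_secret` stands in for a Key Vault lookup.

```python
import json
import re
from urllib.parse import urlsplit

# Hypothetical values: the thread names no endpoint, secret name or allowlist.
BLOCKLIST_URL = "https://blocklist.example.invalid/api/v1/domains"
SECRET_NAME = "blocklist-api-key"
NEVER_BLOCK = {"microsoft.com", "office.com"}

_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN = re.compile(rf"^(?:{_LABEL}\.)+[a-z]{{2,63}}$")


def extract_domains(entities):
    """Return sorted, de-duplicated domains from DNS and URL entities."""
    found = set()
    for ent in entities:
        props = ent.get("properties", {})
        if ent.get("kind") == "DnsResolution":
            host = props.get("domainName", "")
        elif ent.get("kind") == "Url":
            host = urlsplit(props.get("url", "")).hostname or ""
        else:
            continue  # IPs, accounts, hosts etc. are not pushed
        host = host.strip().rstrip(".").lower()
        if _DOMAIN.match(host) and len(host) <= 253:
            found.add(host)
    return sorted(found)


def is_protected(domain):
    """True if the domain is, or is a subdomain of, a never-block entry."""
    return any(domain == d or domain.endswith("." + d) for d in NEVER_BLOCK)


def build_put_requests(entities, get_secret):
    """Build one PUT per domain; the secret is fetched, never hard-coded."""
    headers = {"Authorization": "Bearer " + get_secret(SECRET_NAME),
               "Content-Type": "application/json"}
    return [{"method": "PUT", "url": f"{BLOCKLIST_URL}/{d}", "headers": headers,
             "body": json.dumps({"domain": d, "action": "block"})}
            for d in extract_domains(entities) if not is_protected(d)]


# Constructed sample input; the entity shape is assumed for illustration.
SAMPLE_ENTITIES = [
    {"kind": "DnsResolution", "properties": {"domainName": "Bad-Domain.example."}},
    {"kind": "Url", "properties": {"url": "https://bad-domain.example/login"}},
    {"kind": "Url", "properties": {"url": "https://login.microsoft.com/x"}},
    {"kind": "Ip", "properties": {"address": "203.0.113.7"}},
    {"kind": "DnsResolution", "properties": {"domainName": "not a domain"}},
]
```

The never-block check is what keeps a false-positive incident from pushing a business-critical domain to every downstream service at once.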
Smittydude8822
Aug 08, 2022 · Copper Contributor
Thanks for the direction on this. More than likely, we will be discussing with a specialized consultant. Putting it on here was more of a way to gauge if anyone had done something similar to this. I appreciate the feedback.