Forum Discussion
sirkillnotalot
Jul 04, 2023 Copper Contributor
Sentinel Playbooks and Darktrace
I don't suppose anyone's managed to successfully create a playbook that makes POST requests to a Darktrace cloud master appliance and is willing to share some pointers? I'm trying to create a simple...
sirkillnotalot
Jul 05, 2023 Copper Contributor
Yeah, I've tried quite a few combinations of accepts and application types to no avail so far. The problem is that the HTTP is a JSON body, so as soon as you try an encapsulation with {} it won't even allow a save due to validation errors.
https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-workflow-actions-triggers#http-action
The output I listed below is where I forced it into that format using a prior compose task.
Honestly starting to think about cutting my losses and having it as a function app with HTTP trigger and just using the logic app as an orchestrator.
I've already built a function app that the logic app calls to perform the signature signing request, so it almost feels my method might be a little off. I wonder if the better solution would be just to have the function app make the API calls and just return the results to the playbook to return to Sentinel. That way I'd only need to pass the url and args to the function app.
KubaTom
Jul 05, 2023 Brass Contributor
If you already have a working function app that is reliably working on a set schedule, then I wouldn't try reinventing a wheel here. Yes, it would defo be neat to have the whole thing in one place, but considering the effort, it's a waste of time in my mind.