Defender / Get Alert

Operation Information

Hornbill iBridge integration to list incidents in Microsoft Defender.

This is a Premium Integration.

Authentication

This operation requires authentication, the details of which can be securely stored on your instance in a KeySafe Key of type Microsoft Defender 365.

To create a key of this type:

  • In the Configuration area of your Hornbill instance, navigate to Platform Configuration > Security > KeySafe;
  • Click on the + Create New Key button;
  • On the resulting Create New Key form, choose Microsoft Defender 365 in the Type pick list;
  • Give the Microsoft Defender 365 KeySafe key a Title (this is the name / identifier for the Microsoft Defender 365 account as you will see it when using the cloud automation node in your workflows);
  • Optionally populate the Description field;
  • Click the Create Key button to create your new key;
  • Once the Key is created, you will need to connect to the target service, and your account, in order to authorize the connector app access to the listed operations. Click the Connect button and you will be redirected to the service provider in a popup window;
  • Log in to your account, and then you will be prompted to review the options you are authorizing the Hornbill connector to be allowed to perform using the chosen account;
  • Accept the review and you will be returned to your KeySafe key.

Revoking Access

If at any point you wish to revoke access to any of the above accounts from your Hornbill instance, just hit the Revoke button in the relevant KeySafe key(s).

Warning

This will revoke the rights of any existing Cloud Automation Nodes in your Hornbill Workflows that use the revoked Microsoft Defender 365 account, so you will need to manage these workflows accordingly.

Input Parameters

| Display Name | ID | Type | Description | Required | Supported Values |
|---|---|---|---|---|---|
| Alert ID | alertId | string | None provided | Yes | None provided |

Output Parameters

| Display Name | ID | Type | Description |
|---|---|---|---|
| Status | status | string | None provided |
| Error | error | string | None provided |
| Id | id | string | None provided |
| Provider Alert Id | providerAlertId | string | None provided |
| Incident Id | incidentId | string | None provided |
| Incident Status | incidentStatus | string | None provided |
| Severity | severity | string | None provided |
| Service Source | serviceSource | string | None provided |
| Detection Source | detectionSource | string | None provided |
| Detector Id | detectorId | string | None provided |
| Tenant Id | tenantId | string | None provided |
| Title | title | string | None provided |
| Description | description | string | None provided |
| Recommended Actions | recommendedActions | string | None provided |
| Category | category | string | None provided |
| Alert Web Url | alertWebUrl | string | None provided |
| Incident Web Url | incidentWebUrl | string | None provided |
| Created Date Time | createdDateTime | string | None provided |
| Last Update Date Time | lastUpdateDateTime | string | None provided |
| First Activity Date Time | firstActivityDateTime | string | None provided |
| Last Activity Date Time | lastActivityDateTime | string | None provided |