How can we help?
{{docApp.searchError}}
{{product.name}}
Searching in {{docApp.searchFilterBySpecificBookTitle}}
{{docApp.searchResultFilteredItems.length}} results for: {{docApp.currentResultsSearchText}}
in {{docApp.searchFilterBySpecificBookTitle}}
Search results have been limited. There are a total of {{docApp.searchResponse.totalResultsAvailable}} matches.
You have an odd number of " characters in your search terms - each one needs closing with a matching " character!
-
{{resultItem.title}}
{{resultItem.url}}
{{docApp.libraryHomeViewProduct.title || docApp.libraryHomeViewProduct.id}}
{{docApp.libraryHomeViewProduct.description}}
{{group.title || group.id}}
{{group.description}}
Operation Information
Hornbill iBridge integration to get the details of an incident in Microsoft Defender.
This is a Premium Integration.
Authentication
This operation requires authentication, the details of which can be securely stored on your instance in a KeySafe Key of type Microsoft Defender 365.
To create a key of this type:
- In the Configuration area of your Hornbill instance, navigate to Platform Configuration > Security > KeySafe;
- Click on the + Create New Key button;
- On the resulting Create New Key form, choose Microsoft Defender 365 in the Type pick list;
- Give the Microsoft Defender 365 KeySafe key a Title (this is the name / identifier for the Microsoft Defender 365 account as you will see it when using the cloud automation node in your workflows);
- Optionally populate the Description field;
- Click the Create Key button to create your new key;
- Once the Key is created, you will need to connect to the target service, and your account, in order to authorize the connector app access to the listed operations. Click the Connect button and you will be redirected to the service provider in a popup window;
- Log in to your account, and then you will be prompted to review the options you are authorizing the Hornbill connector to be allowed to perform using the chosen account;
- Accept the review and you will be returned to your KeySafe key.
Revoking Access
If at any point you wish to revoke access to any of the above accounts from your Hornbill instance, just hit the Revoke button in the relevant KeySafe key(s).
Warning
This will revoke the rights of any existing Cloud Automation Node in your Hornbill Workflows that are using the revoked Microsoft Defender 365 account, so you will need to manage these workflows accordingly.
Input Parameters
| Display Name | ID | Type | Description | Required | Supported Values |
|---|---|---|---|---|---|
| Incident ID | incidentId |
string |
The ID of the Incident | Yes | None provided |
Output Parameters
| Display Name | ID | Type | Description |
|---|---|---|---|
| Status | status |
string |
The Status of the integration, ok / fail |
| Id | id |
string |
The ID of the Incident |
| Error | error |
string |
Any errors returned from the api call |
| Incident Web Url | incidentWebUrl |
string |
The Web URL of the Incident |
| Display Name | displayName |
string |
The display name of the Incident |
| Tenant Id | tenantId |
string |
The tenant ID of the Incident |
| Created Date Time | createdDateTime |
string |
The created date/time of the Incident |
| Last Update Date Time | lastUpdateDateTime |
string |
The last updated date/time of the Incident |
| Assigned To | assignedTo |
string |
Who the Incident is assigned to |
| Classification | classification |
string |
The classification of the Incident |
| Determination | determination |
string |
The determination of the Incident |
| Severity | severity |
string |
The severity of the Incident |
| Comment | comment |
string |
Any comments associated with the Incident |
| Created By | createdBy |
string |
Who created the Incident |
| Created Time | createdTime |
string |
The creation time of the Incident |
- Version {{docApp.book.version}}
- Node {{docApp.node}} / {{docApp.build}}
In This Document