Documentation

{{docApp.title}}

{{docApp.description}}

How can we help?

{{docApp.searchError}}
{{product.name}}

Searching in {{docApp.searchFilterBySpecificBookTitle}}

{{docApp.searchResultFilteredItems.length}} results for: {{docApp.currentResultsSearchText}} in {{docApp.searchFilterBySpecificBookTitle}}
Search results have been limited. There are a total of {{docApp.searchResponse.totalResultsAvailable}} matches.

You have an odd number of " characters in your search terms - each one needs closing with a matching " character!

{{docApp.libraryHomeViewProduct.title || docApp.libraryHomeViewProduct.id}}

{{docApp.libraryHomeViewProduct.description}}

  1. {{book.title}}

{{group.title || group.id}}

{{group.description}}

  1. {{book.title}}

{{group.title}}

Defender / Get Incident

Operation Information

Hornbill iBridge integration to get the details of an incident in Microsoft Defender.

This is a Premium Integration.

Authentication

This operation requires authentication, the details of which can be securely stored on your instance in a KeySafe Key of type Microsoft Defender 365.

To create a key of this type:

  • In the Configuration area of your Hornbill instance, navigate to Platform Configuration > Security > KeySafe;
  • Click on the + Create New Key button;
  • On the resulting Create New Key form, choose Microsoft Defender 365 in the Type pick list;
  • Give the Microsoft Defender 365 KeySafe key a Title (this is the name / identifier for the Microsoft Defender 365 account as you will see it when using the cloud automation node in your workflows);
  • Optionally populate the Description field;
  • Click the Create Key button to create your new key;
  • Once the Key is created, you will need to connect to the target service, and your account, in order to authorize the connector app access to the listed operations. Click the Connect button and you will be redirected to the service provider in a popup window;
  • Log in to your account, and then you will be prompted to review the options you are authorizing the Hornbill connector to be allowed to perform using the chosen account;
  • Accept the review and you will be returned to your KeySafe key.

Revoking Access

If at any point you wish to revoke access to any of the above accounts from your Hornbill instance, just hit the Revoke button in the relevant KeySafe key(s).

Warning

This will revoke the rights of any existing Cloud Automation Node in your Hornbill Workflows that are using the revoked Microsoft Defender 365 account, so you will need to manage these workflows accordingly.

Input Parameters

Display Name ID Type Description Required Supported Values
Incident ID incidentId string The ID of the Incident Yes None provided

Output Parameters

Display Name ID Type Description
Status status string The Status of the integration, ok / fail
Id id string The ID of the Incident
Error error string Any errors returned from the api call
Incident Web Url incidentWebUrl string The Web URL of the Incident
Display Name displayName string The display name of the Incident
Tenant Id tenantId string The tenant ID of the Incident
Created Date Time createdDateTime string The created date/time of the Incident
Last Update Date Time lastUpdateDateTime string The last updated date/time of the Incident
Assigned To assignedTo string Who the Incident is assigned to
Classification classification string The classification of the Incident
Determination determination string The determination of the Incident
Severity severity string The severity of the Incident
Comment comment string Any comments associated with the Incident
Created By createdBy string Who created the Incident
Created Time createdTime string The creation time of the Incident
In This Document