Documentation

{{docApp.title}}

{{docApp.description}}

How can we help?

{{docApp.searchError}}
{{product.name}}

Searching in {{docApp.searchFilterBySpecificBookTitle}}

{{docApp.searchResultFilteredItems.length}} results for: {{docApp.currentResultsSearchText}} in {{docApp.searchFilterBySpecificBookTitle}}
Search results have been limited. There are a total of {{docApp.searchResponse.totalResultsAvailable}} matches.

You have an odd number of " characters in your search terms - each one needs closing with a matching " character!

{{docApp.libraryHomeViewProduct.title || docApp.libraryHomeViewProduct.id}}

{{docApp.libraryHomeViewProduct.description}}

  1. {{book.title}}

{{group.title || group.id}}

{{group.description}}

  1. {{book.title}}

{{group.title}}

Defender / List Incidents

Operation Information

Hornbill iBridge integration to list incidents in Microsoft Defender.

This is a Premium Integration.

Authentication

This operation requires authentication, the details of which can be securely stored on your instance in a KeySafe Key of type Microsoft Defender 365.

To create a key of this type:

  • In the Configuration area of your Hornbill instance, navigate to Platform Configuration > Security > KeySafe;
  • Click on the + Create New Key button;
  • On the resulting Create New Key form, choose Microsoft Defender 365 in the Type pick list;
  • Give the Microsoft Defender 365 KeySafe key a Title (this is the name / identifier for the Microsoft Defender 365 account as you will see it when using the cloud automation node in your workflows);
  • Optionally populate the Description field;
  • Click the Create Key button to create your new key;
  • Once the Key is created, you will need to connect to the target service, and your account, in order to authorize the connector app access to the listed operations. Click the Connect button and you will be redirected to the service provider in a popup window;
  • Log in to your account, and then you will be prompted to review the options you are authorizing the Hornbill connector to be allowed to perform using the chosen account;
  • Accept the review and you will be returned to your KeySafe key.

Revoking Access

If at any point you wish to revoke access to any of the above accounts from your Hornbill instance, just hit the Revoke button in the relevant KeySafe key(s).

Warning

This will revoke the rights of any existing Cloud Automation Node in your Hornbill Workflows that are using the revoked Microsoft Defender 365 account, so you will need to manage these workflows accordingly.

Input Parameters

Display Name ID Type Description Required Supported Values
Severity severity string Options - Low, Medium, High. Leave blank to return all results No None provided

Output Parameters

Display Name ID Type Description
Status status string None provided
Error error string None provided
Incidents incidentList string None provided
In This Document