Executing and Monitoring Infoblox Sentinel Logic apps


Once you have successfully installed and deployed all the components of Infoblox Sentinel Integration, follow these steps to execute and monitor the playbooks.

  1. Incidents should already be generated from the analytics rules that users have configured. To execute the playbooks on these incidents, go to Microsoft Sentinel -> <Your workspace> and select Incidents.

  2. From the list of available incidents, click any incident. Under Actions, you will see the Run Playbook option.

  3. A list of the available Logic apps is displayed. Click the Run button to execute a playbook.

  4. Once the playbook has executed successfully, comments similar to the following appear in the incident (example of IPAM Lookup). To go to the comment section, select the incident and click View full details.

  5. Then click Total comments in the left pane, or click Comments at the top in the old view, to see the comments added to the incident.

     Note: The limit for the number of comments in an Incident is 100. Hence, it is not possible to add more than 100 comments.

  6. To get the status of a playbook execution, go to Logic Apps -> select the logic app from the list and select Run History.

  7. You will be able to see the execution status of that playbook.

  8. If an execution failed, open the run history of that playbook, go through each action, and find the failed action (marked in red) to troubleshoot or identify the reason for the failure.
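As an added example (not part of the Infoblox documentation or its playbooks), the triage in the last step can be scripted over an exported list of one run's actions, separating the action that actually failed from the loop or scope that is only marked red because a child failed. It assumes records shaped like a Logic Apps run-actions listing (`name`, `properties.status`, `properties.error`) and that container actions report the code `ActionFailed`; the action names and sample data are constructed.

```python
import json

# Constructed sample: actions of one failed playbook run. Field names are an
# assumption modelled on the Logic Apps run-actions listing; names are made up.
SAMPLE_ACTIONS = json.loads("""
[
 {"name": "Initialize_variable",
  "properties": {"status": "Succeeded", "startTime": "2024-07-11T13:55:01Z"}},
 {"name": "For_each_IP",
  "properties": {"status": "Failed", "startTime": "2024-07-11T13:55:02Z",
   "error": {"code": "ActionFailed",
             "message": "An action failed. No dependent actions succeeded."}}},
 {"name": "HTTP_IPAM_Lookup",
  "properties": {"status": "Failed", "startTime": "2024-07-11T13:55:03Z",
   "error": {"code": "Unauthorized", "message": "401 from lookup API (constructed)"}}},
 {"name": "Add_comment_to_incident",
  "properties": {"status": "Skipped", "startTime": "2024-07-11T13:55:04Z"}}
]
""")

# Assumption: a container (loop, scope, condition) fails with this code only
# because one of its child actions failed, so it is not the root cause.
WRAPPER_CODES = {"ActionFailed"}


def failed_actions(actions):
    """Return failed or timed-out actions in start order, flagging root causes."""
    ordered = sorted(actions, key=lambda a: a["properties"].get("startTime", ""))
    result = []
    for action in ordered:
        props = action["properties"]
        if props.get("status") not in ("Failed", "TimedOut"):
            continue  # Succeeded and Skipped actions are not the problem
        error = props.get("error") or {}
        code = error.get("code") or props.get("code") or "Unknown"
        result.append({"action": action["name"], "code": code,
                       "message": error.get("message", ""),
                       "root_cause": code not in WRAPPER_CODES})
    return result


def root_causes(actions):
    """Failed actions carrying their own error; fall back to wrappers if none."""
    failed = failed_actions(actions)
    return [f for f in failed if f["root_cause"]] or failed


if __name__ == "__main__":
    for item in root_causes(SAMPLE_ACTIONS):
        print(f'{item["action"]}: {item["code"]} - {item["message"]}')
```

A skipped comment action, as in the sample, also explains why a failed run leaves no new comment on the incident.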

 
