fix bug+feild mapping
This commit is contained in:
Yaniv Shasha
Родитель
c2dd0011f9
Коммит
5551f4e390
|
|
@ -18,7 +18,7 @@
|
|||
"variables": {
|
||||
"AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]",
|
||||
"SNOWConnectionName": "[concat('snow-', parameters('PlaybookName'))]"
|
||||
},
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
"type": "Microsoft.Web/connections",
|
||||
|
|
@ -99,45 +99,39 @@
|
|||
"path": "/Cases/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}"
|
||||
}
|
||||
},
|
||||
"For_each": {
|
||||
"foreach": "@body('Alert_-_Get_incident')?['value']",
|
||||
"actions": {
|
||||
"Create_Record": {
|
||||
"runAfter": {},
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"description": "@items('For_each')?['properties']?['Description']",
|
||||
"severity": "@triggerBody()?['Severity']",
|
||||
"short_description": "@items('For_each')?['properties']?['Title']"
|
||||
},
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['service-now']['connectionId']"
|
||||
}
|
||||
},
|
||||
"method": "post",
|
||||
"path": "/api/now/v2/table/@{encodeURIComponent('incident')}",
|
||||
"queries": {
|
||||
"sysparm_display_value": false,
|
||||
"sysparm_exclude_reference_link": true
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"Create_Record": {
|
||||
"runAfter": {
|
||||
"Alert_-_Get_incident": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "Foreach"
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"description": "@body('Alert_-_Get_incident')?['properties']?['Description']",
|
||||
"number": "@{body('Alert_-_Get_incident')?['name']}",
|
||||
"severity": "@body('Alert_-_Get_incident')?['properties']?['Severity']",
|
||||
"short_description": "@body('Alert_-_Get_incident')?['properties']?['Title']"
|
||||
},
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['service-now']['connectionId']"
|
||||
}
|
||||
},
|
||||
"method": "post",
|
||||
"path": "/api/now/v2/table/@{encodeURIComponent('incident')}",
|
||||
"queries": {
|
||||
"sysparm_display_value": false,
|
||||
"sysparm_exclude_reference_link": true
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"outputs": {}
|
||||
},
|
||||
"parameters": {
|
||||
"$connections": {
|
||||
"value": {
|
||||
"value": {
|
||||
"azuresentinel": {
|
||||
"connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]",
|
||||
"connectionName": "[variables('AzureSentinelConnectionName')]",
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче