{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata":{ "comments": "This playbook will open a new request in ManageEngine Service Desk Plus On Demand", "author": "Robert Kitching" }, "parameters": { "PlaybookName": { "defaultValue": "Open-ServiceDeskPlusOnDemand-Ticket", "type": "string" }, "UserName": { "defaultValue": "@", "type": "string" }, "ServiceDeskPlusBaseUrl": { "defaultValue": "https://sdpondemand.manageengine.eu/api/json/request", "type": "string" }, "ServiceDeskPlusAuthToken": { "defaultValue": "", "type": "string" }, "ServiceDeskPlusRequester": { "defaultValue": "Automated Sentinel Alert", "type": "string" }, "ServiceDeskPlusGroup": { "defaultValue": "", "type": "string" }, "ServiceDeskPlusImpact": { "defaultValue": "Affects Business", "type": "string" } }, "variables": { "AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]" }, "resources": [ { "type": "Microsoft.Web/connections", "apiVersion": "2016-06-01", "name": "[variables('AzureSentinelConnectionName')]", "location": "[resourceGroup().location]", "properties": { "displayName": "[parameters('UserName')]", "customParameterValues": {}, "api": { "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]" } } }, { "type": "Microsoft.Logic/workflows", "apiVersion": "2017-07-01", "name": "[parameters('PlaybookName')]", "location": "[resourceGroup().location]", "dependsOn": [ "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" ], "properties": { "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "contentVersion": "1.0.0.0", "parameters": { "$connections": { "defaultValue": {}, "type": "Object" } }, "triggers": { "When_a_response_to_an_Azure_Sentinel_alert_is_triggered": { "type": "ApiConnectionWebhook", "inputs": { "body": { "callback_url": "@{listCallbackUrl()}" }, "host": { "connection": { "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, "path": "/subscribe" } } }, "actions": { "Alert_-_Get_incident": { "runAfter": {}, "type": "ApiConnection", "inputs": { "host": { "connection": { "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, "method": "get", "path": "/Cases/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}" } }, "Create_ManageEngine_Service_Desk_Plus_Request": { "runAfter": { "Initialise_Request_Input_Data": [ "Succeeded" ] }, "type": "Http", "inputs": { "method": "POST", "uri": "@{variables('serviceDeskSettings')['baseUrl']}?scope=sdpodapi&authtoken=@{variables('serviceDeskSettings')['authToken']}&OPERATION_NAME=ADD_REQUEST&INPUT_DATA=@{variables('InputData')}" } }, "Initialize_Settings": { "runAfter": { "Alert_-_Get_incident": [ "Succeeded" ] }, "type": "InitializeVariable", "inputs": { "variables": [ { "name": "serviceDeskSettings", "type": "object", "value": { "authToken": "[parameters('ServiceDeskPlusAuthToken')]", "group": "[parameters('ServiceDeskPlusGroup')]", "impact": "[parameters('ServiceDeskPlusImpact')]", "requesterName": "[parameters('ServiceDeskPlusRequester')]", "baseUrl": "[parameters('ServiceDeskPlusBaseUrl')]" } } ] } }, "Initialise_Request_Input_Data": { "runAfter": { "Map_Severity": [ "Succeeded" ] }, "type": "InitializeVariable", "inputs": { "variables": [ { "name": "InputData", "type": "string", "value": "{\n \"operation\": {\n \"Details\": {\n \"REQUESTER\": \"@{variables('serviceDeskSettings')['requesterName']}\", \n \"SUBJECT\": \"@{body('Alert_-_Get_incident')?['properties']?['Title']}\",\n \"PRIORITY\": \"@{variables('Severity')}\",\n \"IMPACT\": \"@{variables('serviceDeskSettings')['impact']}\",\n \"URGENCY\": \"@{variables('Severity')}\",\n \"DESCRIPTION\": \"@{decodeUriComponent(replace(uriComponent(body('Alert_-_Get_incident')?['properties']?['Description']),'%0A','%3Cbr%3E'))}\",\n\t\"GROUP\": \"@{variables('serviceDeskSettings')['group']}\"\n }\n }\n}" } ] } }, "Map_Severity": { "runAfter": { "Initialize_Settings": [ "Succeeded" ] }, "type": "InitializeVariable", "inputs": { "variables": [ { "name": "Severity", "type": "string", "value": "@{if(equals(body('Alert_-_Get_incident')?['properties']?['Severity'],'Informational'), 'Low', body('Alert_-_Get_incident')?['properties']?['Severity'])}" } ] } } }, "outputs": {} }, "parameters": { "$connections": { "value": { "azuresentinel": { "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", "connectionName": "[variables('AzureSentinelConnectionName')]", "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]" } } } } } } ] }