Dynamic-Summaries-API-Upsert
author: Zhipeng Zhao
This playbook shows how to query Log Analytics data and upload the query result to the Sentinel Dynamic Summaries table through the Dynamic Summaries REST API.
Prerequisites
Before deploying the playbook, make sure the following are in place:
- An Azure Integration account, created through the Azure portal. The Integration account should be in the same region as the Logic App, and it must be in either the Basic or Standard pricing tier.
- A KQL query that renders data for the Dynamic Summaries object models.
- The Logic App and the Log Analytics Workspace for Dynamic Summaries should be in the same Azure resource group.
- Finally, the user must be a subscription owner to deploy the playbook template.
Quick Deployment
Learn more about playbook deployment
Post-Deployment
After deployment, the playbook will run automatically. It may fail due to permission issues. You need to perform one action:
- Authorize the API connections: go to API connections, select the API connection, select Edit API connection, then click the Authorize button at the bottom.