189 строки
9.3 KiB
JSON
189 строки
9.3 KiB
JSON
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"metadata":{
|
|
"comments": "This playbook will open a new request in ManageEngine Service Desk Plus On Demand",
|
|
"author": "Robert Kitching"
|
|
},
|
|
"parameters": {
|
|
"PlaybookName": {
|
|
"defaultValue": "Open-ServiceDeskPlusOnDemand-Ticket",
|
|
"type": "string"
|
|
},
|
|
"UserName": {
|
|
"defaultValue": "<username>@<domain>",
|
|
"type": "string"
|
|
},
|
|
"ServiceDeskPlusBaseUrl": {
|
|
"defaultValue": "https://sdpondemand.manageengine.eu/api/json/request",
|
|
"type": "string"
|
|
},
|
|
"ServiceDeskPlusAuthToken": {
|
|
"defaultValue": "",
|
|
"type": "string"
|
|
},
|
|
"ServiceDeskPlusRequester": {
|
|
"defaultValue": "Automated Sentinel Alert",
|
|
"type": "string"
|
|
},
|
|
"ServiceDeskPlusGroup": {
|
|
"defaultValue": "",
|
|
"type": "string"
|
|
},
|
|
"ServiceDeskPlusImpact": {
|
|
"defaultValue": "Affects Business",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"variables": {
|
|
"AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]"
|
|
},
|
|
"resources": [
|
|
{
|
|
"type": "Microsoft.Web/connections",
|
|
"apiVersion": "2016-06-01",
|
|
"name": "[variables('AzureSentinelConnectionName')]",
|
|
"location": "[resourceGroup().location]",
|
|
"properties": {
|
|
"displayName": "[parameters('UserName')]",
|
|
"customParameterValues": {},
|
|
"api": {
|
|
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Logic/workflows",
|
|
"apiVersion": "2017-07-01",
|
|
"name": "[parameters('PlaybookName')]",
|
|
"location": "[resourceGroup().location]",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]"
|
|
],
|
|
"properties": {
|
|
"state": "Enabled",
|
|
"definition": {
|
|
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"parameters": {
|
|
"$connections": {
|
|
"defaultValue": {},
|
|
"type": "Object"
|
|
}
|
|
},
|
|
"triggers": {
|
|
"When_a_response_to_an_Azure_Sentinel_alert_is_triggered": {
|
|
"type": "ApiConnectionWebhook",
|
|
"inputs": {
|
|
"body": {
|
|
"callback_url": "@{listCallbackUrl()}"
|
|
},
|
|
"host": {
|
|
"connection": {
|
|
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
|
|
}
|
|
},
|
|
"path": "/subscribe"
|
|
}
|
|
}
|
|
},
|
|
"actions": {
|
|
"Alert_-_Get_incident": {
|
|
"runAfter": {},
|
|
"type": "ApiConnection",
|
|
"inputs": {
|
|
"host": {
|
|
"connection": {
|
|
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
|
|
}
|
|
},
|
|
"method": "get",
|
|
"path": "/Cases/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}"
|
|
}
|
|
},
|
|
"Create_ManageEngine_Service_Desk_Plus_Request": {
|
|
"runAfter": {
|
|
"Initialise_Request_Input_Data": [
|
|
"Succeeded"
|
|
]
|
|
},
|
|
"type": "Http",
|
|
"inputs": {
|
|
"method": "POST",
|
|
"uri": "@{variables('serviceDeskSettings')['baseUrl']}?scope=sdpodapi&authtoken=@{variables('serviceDeskSettings')['authToken']}&OPERATION_NAME=ADD_REQUEST&INPUT_DATA=@{variables('InputData')}"
|
|
}
|
|
},
|
|
"Initialize_Settings": {
|
|
"runAfter": {
|
|
"Alert_-_Get_incident": [
|
|
"Succeeded"
|
|
]
|
|
},
|
|
"type": "InitializeVariable",
|
|
"inputs": {
|
|
"variables": [
|
|
{
|
|
"name": "serviceDeskSettings",
|
|
"type": "object",
|
|
"value": {
|
|
"authToken": "[parameters('ServiceDeskPlusAuthToken')]",
|
|
"group": "[parameters('ServiceDeskPlusGroup')]",
|
|
"impact": "[parameters('ServiceDeskPlusImpact')]",
|
|
"requesterName": "[parameters('ServiceDeskPlusRequester')]",
|
|
"baseUrl": "[parameters('ServiceDeskPlusBaseUrl')]"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"Initialise_Request_Input_Data": {
|
|
"runAfter": {
|
|
"Map_Severity": [
|
|
"Succeeded"
|
|
]
|
|
},
|
|
"type": "InitializeVariable",
|
|
"inputs": {
|
|
"variables": [
|
|
{
|
|
"name": "InputData",
|
|
"type": "string",
|
|
"value": "{\n \"operation\": {\n \"Details\": {\n \"REQUESTER\": \"@{variables('serviceDeskSettings')['requesterName']}\", \n \"SUBJECT\": \"@{body('Alert_-_Get_incident')?['properties']?['Title']}\",\n \"PRIORITY\": \"@{variables('Severity')}\",\n \"IMPACT\": \"@{variables('serviceDeskSettings')['impact']}\",\n \"URGENCY\": \"@{variables('Severity')}\",\n \"DESCRIPTION\": \"@{decodeUriComponent(replace(uriComponent(body('Alert_-_Get_incident')?['properties']?['Description']),'%0A','%3Cbr%3E'))}\",\n\t\"GROUP\": \"@{variables('serviceDeskSettings')['group']}\"\n }\n }\n}" }
|
|
]
|
|
}
|
|
},
|
|
"Map_Severity": {
|
|
"runAfter": {
|
|
"Initialize_Settings": [
|
|
"Succeeded"
|
|
]
|
|
},
|
|
"type": "InitializeVariable",
|
|
"inputs": {
|
|
"variables": [
|
|
{
|
|
"name": "Severity",
|
|
"type": "string",
|
|
"value": "@{if(equals(body('Alert_-_Get_incident')?['properties']?['Severity'],'Informational'), 'Low', body('Alert_-_Get_incident')?['properties']?['Severity'])}"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"outputs": {}
|
|
},
|
|
"parameters": {
|
|
"$connections": {
|
|
"value": {
|
|
"azuresentinel": {
|
|
"connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]",
|
|
"connectionName": "[variables('AzureSentinelConnectionName')]",
|
|
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
} |