Understanding the HTTP action and its usage
As already mentioned, all the Logic Apps actions that Microsoft Sentinel uses in playbooks are actually API calls. Native actions are just represented more nicely as part of a GUI, making it easier for users to utilize them. Adding dynamic content is much easier than writing the body of an API call in JSON.
But why, then, do I like the HTTP action more than any other? Because it lets us build actions to fit our own needs and choose among different authentication methods.
Elements of the HTTP action
- Method: This states the API method. The most popular are
- URI: The Uniform Resource Identifier (URI) is the API call itself. It normally looks like a URL.
- Headers: This defines whether an API call needs to have any headers.
- Queries: This defines whether the API call needs...
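How the elements listed above appear in a playbook's code view, as an added example that is not taken from the original text. It assumes a call to the Microsoft Sentinel incidents endpoint authenticated with the Logic App's managed identity; the action name `HTTP`, the `Accept` header and every value in angle brackets are placeholders to replace with your own.

```json
{
  "HTTP": {
    "type": "Http",
    "inputs": {
      "method": "GET",
      "uri": "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>/providers/Microsoft.SecurityInsights/incidents",
      "headers": {
        "Accept": "application/json"
      },
      "queries": {
        "api-version": "<api-version>"
      },
      "authentication": {
        "type": "ManagedServiceIdentity",
        "audience": "https://management.azure.com"
      }
    },
    "runAfter": {}
  }
}
```

With managed identity authentication no secret is stored in the playbook definition; the identity still needs a role assignment on the workspace that covers the call being made, scoped no wider than the playbook requires.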