Merge pull request Azure#12581 from EladSapirBlink/Add-Event-Details-And-Update-Azure-Deploy

Add event details to playbooks (input of http request) and other little fixes in readme

Author: v-dvedak

Solutions/BlinkOps/Package/3.0.2.zip

@@ -33,7 +33,7 @@
     "email": "support@blinkops.com",
     "_email": "[variables('email')]",
     "_solutionName": "BlinkOps",
-    "_solutionVersion": "3.0.1",
+    "_solutionVersion": "3.0.2",
     "solutionId": "blinkoperations1709924858838.azure-sentinel-blink_automation",
     "_solutionId": "[variables('solutionId')]",
     "Sentinel-Incident-Handler": "Sentinel-Incident-Handler",
@@ -65,7 +65,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "Sentinel-Incident-Handler Playbook with template version 3.0.1",
+        "description": "Sentinel-Incident-Handler Playbook with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion1')]",
@@ -150,6 +150,7 @@
                       },
                       "type": "Http",
                       "inputs": {
+                        "body": "@triggerBody()?['object']",
                         "method": "POST",
                         "uri": "@parameters('Blink-Webhook-Full-URL')"
                       },
@@ -264,7 +265,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "Sentinel-Alert-Handler Playbook with template version 3.0.1",
+        "description": "Sentinel-Alert-Handler Playbook with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion2')]",
@@ -349,6 +350,7 @@
                       },
                       "type": "Http",
                       "inputs": {
+                        "body": "@triggerBody()?['object']",
                         "method": "POST",
                         "uri": "@parameters('Blink-Webhook-Full-URL')"
                       },
@@ -459,7 +461,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.1",
+        "version": "3.0.2",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "BlinkOps",

Solutions/BlinkOps/Package/mainTemplate.json

@@ -25,7 +25,10 @@
                 "title": "Sentinel-Alert-Handler",
                 "notes": [ "Initial version" ]
             }
-        ]
+        ],
+        "support": {
+            "tier": "Partner"
+        }
     },
     "parameters": {
         "PlaybookName": {
@@ -107,6 +110,7 @@
                             },
                             "type": "Http",
                             "inputs": {
+                              "body": "@triggerBody()?['object']",
                               "method": "POST",
                               "uri": "@parameters('Blink-Webhook-Full-URL')"
                             },

Solutions/BlinkOps/Playbooks/Sentinel-Alert-Handler/azuredeploy.json

@@ -15,12 +15,12 @@ Before deploying this playbook, ensure the following prerequisites are completed
 1. Create an **Event-Based Workflow** in [Blink](https://docs.blinkops.com/docs/workflows/building-workflows/triggers/event-based-triggers/webhooks) that is configured to trigger via webhook.
 <img src="../Sentinel-Incident-Handler/Create_event_based_workflow.png" width="50%"/>
 
-<img src="../Sentinel-Incident-Handler/xdr_webhook.png" width="50%"/>
+<img src="../Sentinel-Incident-Handler/sentinel_webhook.png" width="50%"/>
 
 2. Note down the following required value from Blink:
    - **Blink Webhook Full URL** – the full HTTPS endpoint URL to trigger your Blink workflow.
 
-<img src="../Sentinel-Incident-Handler/xdr_webhook_config.png" width="50%"/>
+<img src="../Sentinel-Incident-Handler/Configure_Sentinel_Webhook.png" width="50%"/>
 
 ---
 

Solutions/BlinkOps/Playbooks/Sentinel-Alert-Handler/readme.md

@@ -25,7 +25,10 @@
                 "title": "Sentinel-Incident-Handler",
                 "notes": [ "Initial version" ]
             }
-        ]
+        ],
+        "support": {
+            "tier": "Partner"
+        }
     },
     "parameters": {
         "PlaybookName": {
@@ -107,6 +110,7 @@
                             },
                             "type": "Http",
                             "inputs": {
+                              "body": "@triggerBody()?['object']",
                               "method": "POST",
                               "uri": "@parameters('Blink-Webhook-Full-URL')"
                             },

Solutions/BlinkOps/Playbooks/Sentinel-Incident-Handler/Configure_Sentinel_Webhook.png

@@ -15,12 +15,12 @@ Before deploying this playbook, ensure the following prerequisites are completed
 1. Create an **Event-Based Workflow** in [Blink](https://docs.blinkops.com/docs/workflows/building-workflows/triggers/event-based-triggers/webhooks) that is configured to trigger via webhook.
 <img src="./Create_event_based_workflow.png" width="50%"/>
 
-<img src="./xdr_webhook.png" width="50%"/>
+<img src="./sentinel_webhook.png" width="50%"/>
 
 2. Note down the following required value from Blink:
    - **Blink Webhook Full URL** – the full HTTPS endpoint URL to trigger your Blink workflow.
 
-<img src="./xdr_webhook_config.png" width="50%"/>
+<img src="./Configure_Sentinel_Webhook.png" width="50%"/>
 
 ---