Skip to content

Commit a0284b8

Browse files
Yaniv-ShashaYaniv-Shasha
committed
changing how comments will look like
1 parent 6b7f4eb commit a0284b8

File tree

2 files changed

+6
-33
lines changed

2 files changed

+6
-33
lines changed

Solutions/SentinelSOARessentials/Playbooks/Incident-Trigger-Entity-Analyzer/azuredeploy.json

Lines changed: 4 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -135,18 +135,9 @@
135135
}
136136
}
137137
},
138-
"Compose_Url": {
139-
"runAfter": {
140-
"URL_Analyzer": [
141-
"Succeeded"
142-
]
143-
},
144-
"type": "Compose",
145-
"inputs": "@concat(\r\n'🔗 **URL Analysis for: ', item()?['Url'], '**\\n\\n',\r\n'🏷️ **Classification**\\n\\n',\r\nbody('URL_Analyzer')?['classification'], '\\n\\n',\r\n'🔍 **Analysis Result**\\n\\n',\r\nbody('URL_Analyzer')?['analysis'], '\\n\\n',\r\n'✅ **Recommendation**\\n\\n',\r\nbody('URL_Analyzer')?['recommendation'], '\\n\\n',\r\n'⚠️ **Disclaimer**\\n\\n',\r\n'🤖 ', body('URL_Analyzer')?['disclaimer']\r\n)"
146-
},
147138
"Add_Url_comment_to_incident": {
148139
"runAfter": {
149-
"Compose_Url": [
140+
"URL_Analyzer": [
150141
"Succeeded"
151142
]
152143
},
@@ -160,7 +151,7 @@
160151
"method": "post",
161152
"body": {
162153
"incidentArmId": "@triggerBody()?['object']?['id']",
163-
"message": "<p class=\"editor-paragraph\">@{outputs('Compose_Url')}</p>"
154+
"message": "<p class=\"editor-paragraph\"><b><strong class=\"editor-text-bold\">Security Analysis Report</strong></b><br><br><br><b><strong class=\"editor-text-bold\">Analysis ID:</strong></b> @{body('URL_Analyzer')?['id']}<br><br><b><strong class=\"editor-text-bold\">Entity Type:</strong></b> Url<br><br><br>🔗 <b><strong class=\"editor-text-bold\">URL Analysis for:</strong></b>@{item()}<br><br><br>🏷️ <b><strong class=\"editor-text-bold\">Classification:</strong></b> @{body('URL_Analyzer')?['classification']}<br><br><br>🔍 <b><strong class=\"editor-text-bold\">Analysis Result:</strong></b> @{body('URL_Analyzer')?['analysis']}<br><br><br>✅ <b><strong class=\"editor-text-bold\">Recommendation:</strong></b> @{body('URL_Analyzer')?['recommendation']}<br><br><br>📋 <b><strong class=\"editor-text-bold\">Data Sources:</strong></b> @{body('URL_Analyzer')?['dataSourceList']}<br><br><br>❗ <b><strong class=\"editor-text-bold\">Disclaimer:</strong></b> @{body('URL_Analyzer')?['disclaimer']}</p>"
164155
},
165156
"path": "/Incidents/Comment"
166157
}
@@ -218,18 +209,9 @@
218209
}
219210
}
220211
},
221-
"Compose_User": {
222-
"runAfter": {
223-
"User_Analyzer": [
224-
"Succeeded"
225-
]
226-
},
227-
"type": "Compose",
228-
"inputs": "@concat(\r\n'👤 **User Analysis for: ', item()?['Name'], '**\\n\\n',\r\n'🏷️ **Classification**\\n\\n',\r\nbody('User_Analyzer')?['classification'], '\\n\\n',\r\n'🔍 **Analysis Result**\\n\\n',\r\nbody('User_Analyzer')?['analysis'], '\\n\\n',\r\n'✅ **Recommendation**\\n\\n',\r\nbody('User_Analyzer')?['recommendation'], '\\n\\n',\r\n'⚠️ **Disclaimer**\\n\\n',\r\n'🤖 ', body('User_Analyzer')?['disclaimer']\r\n)"
229-
},
230212
"Add_User_comment_to_incident": {
231213
"runAfter": {
232-
"Compose_User": [
214+
"User_Analyzer": [
233215
"Succeeded"
234216
]
235217
},
@@ -243,7 +225,7 @@
243225
"method": "post",
244226
"body": {
245227
"incidentArmId": "@triggerBody()?['object']?['id']",
246-
"message": "<p class=\"editor-paragraph\">@{outputs('Compose_User')}</p>"
228+
"message": "<p class=\"editor-paragraph\"><b><strong class=\"editor-text-bold\">Security Analysis Report</strong></b><br><br><br><b><strong class=\"editor-text-bold\">Analysis ID:</strong></b> @{body('User_Analyzer')?['id']}<br><br><b><strong class=\"editor-text-bold\">Entity Type:</strong></b> User<br><br><br>👤 <b><strong class=\"editor-text-bold\">User Analysis for:</strong></b> @{item()?['Name']}<br><br><br>🏷️ <b><strong class=\"editor-text-bold\">Classification:</strong></b> @{body('User_Analyzer')?['classification']}<br><br><br>🔍 <b><strong class=\"editor-text-bold\">Analysis Result:</strong></b> @{body('User_Analyzer')?['analysis']}<br><br><br>✅ <b><strong class=\"editor-text-bold\">Recommendation:</strong></b> @{body('User_Analyzer')?['recommendation']}<br><br><br>📋 <b><strong class=\"editor-text-bold\">Data Sources:</strong></b> @{body('User_Analyzer')?['dataSourceList']}<br><br><br>❗ <b><strong class=\"editor-text-bold\">Disclaimer:</strong></b> @{body('User_Analyzer')?['disclaimer']}</p>"
247229
},
248230
"path": "/Incidents/Comment"
249231
}

Solutions/SentinelSOARessentials/Playbooks/Url-Trigger-Entity-Analyzer/azuredeploy.json

Lines changed: 2 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -122,18 +122,9 @@
122122
"path": "/aiprimitives/analysis"
123123
}
124124
},
125-
"Compose": {
126-
"runAfter": {
127-
"URL_Analyzer": [
128-
"Succeeded"
129-
]
130-
},
131-
"type": "Compose",
132-
"inputs": "@concat(\r\n'| 🔍 **Section** | Details |\\n',\r\n'|---|---|\\n',\r\n'| 🏷️ **Classification** | ', replace(replace(replace(coalesce(body('URL_Analyzer')?['classification'], 'N/A'), '\\r\\n', '\\n'), '\\n', '<br/>'), '|', '\\\\|'), ' |\\n',\r\n'| 🕵️ **Entity Type** | ', replace(replace(replace(coalesce(body('URL_Analyzer')?['properties']?['entityType'], 'N/A'), '\\r\\n', '\\n'), '\\n', '<br/>'), '|', '\\\\|'), ' |\\n',\r\n'| 🔎 **Analysis Result** | ', replace(replace(replace(replace(coalesce(body('URL_Analyzer')?['analysis'], 'N/A'), '- ', '• '), '\\r\\n', '\\n'), '\\n', '<br/>'), '|', '\\\\|'), ' |\\n',\r\n'| ✅ **Recommendation** | ', replace(replace(replace(coalesce(body('URL_Analyzer')?['recommendation'], 'N/A'), '\\r\\n', '\\n'), '\\n', '<br/>'), '|', '\\\\|'), ' |\\n',\r\n'| ⚠️ **Disclaimer** | 🤖 ', replace(replace(replace(coalesce(body('URL_Analyzer')?['disclaimer'], 'N/A'), '\\r\\n', '\\n'), '\\n', '<br/>'), '|', '\\\\|'), ' |\\n',\r\n'| 📂 **Data Sources** | ', if(equals(empty(body('URL_Analyzer')?['dataSourceList']), true), 'N/A', concat('• ', replace(join(body('URL_Analyzer')?['dataSourceList'], '\\n• '), '\\n', '<br/>'))), ' |'\r\n)"
133-
},
134125
"Add_comment_to_incident_(V3)": {
135126
"runAfter": {
136-
"Compose": [
127+
"URL_Analyzer": [
137128
"Succeeded"
138129
]
139130
},
@@ -147,7 +138,7 @@
147138
"method": "post",
148139
"body": {
149140
"incidentArmId": "@triggerBody()?['IncidentArmID']",
150-
"message": "<p class=\"editor-paragraph\">@{outputs('Compose')}</p>"
141+
"message": "<p class=\"editor-paragraph\"><b><strong class=\"editor-text-bold\">Security Analysis Report</strong></b><br><br><br><b><strong class=\"editor-text-bold\">Analysis ID: </strong></b>@{body('URL_Analyzer')['id']}<br><br><b><strong class=\"editor-text-bold\">Entity Type:</strong></b> Url<br><br><br>🔗 <b><strong class=\"editor-text-bold\">URL Analysis for:</strong></b> @{triggerBody()?['Entity']?['properties']?['Url']}<br><br><br>🏷️ <b><strong class=\"editor-text-bold\">Classification: </strong></b>@{body('URL_Analyzer')?['classification']}<br><br><br>🔍 <b><strong class=\"editor-text-bold\">Analysis Result: </strong></b>@{body('URL_Analyzer')?['analysis']}<br><br><br>✅<b><strong class=\"editor-text-bold\"> Recommendation:</strong></b> @{body('URL_Analyzer')?['recommendation']}<br><br><br>📋 <b><strong class=\"editor-text-bold\">Data Sources:</strong></b> @{body('URL_Analyzer')?['dataSourceList']}<br><br><br>❗ <b><strong class=\"editor-text-bold\">Disclaimer:</strong></b> @{body('URL_Analyzer')?['disclaimer']}</p>"
151142
},
152143
"path": "/Incidents/Comment"
153144
}

0 commit comments

Comments
 (0)