Skip to main content
Skip table of contents

Azure Virtual Networks

LAST UPDATED: NOV 20, 2024

Overview

Microsoft Azure Virtual Network gives your organization an isolated and highly secure environment to run your virtual machines and applications.

D3 SOAR is providing REST operations to function with Azure Virtual Networks.

Azure Virtual Networks is available for use in:

D3 SOAR

V12.7+

Category

Cloud Services

Deployment Options

Option II, Option IV

Known Limitations

See Networking limits - Azure Resource Manager for details.

Connection

To connect to Azure Virtual Networks from D3 SOAR, follow this part to collect the required information below:

Parameter

Description

Example

Server URL

The server URL for the API connection.

https://management.azure.com

Directory ID

The directory ID used for authentication.

*****

Grant Type

The grant type used for authentication.

client_credentials

Client ID

The client ID used for authentication.

*****

Client Secret

The client secret used for authentication.

*****

Resource

The name of the resource group within the user's subscription.

https://management.azure.com

Subscriptions

The Azure subscription ID.

*****

API Version

The API Version used for the connection.

2020-05-01

READER NOTE

The prerequisite for using this guide is an active Microsoft Azure subscription. Refer to Build in the cloud with an Azure account for more information.

Permission Requirements

Each endpoint in the Azure Virtual Networks API requires a certain permission scope. The following are required scopes for the commands in this integration:

Command

Required Permissions

Create Network Interface

Network Contributor

Create Network Security Group

Network Contributor

Create Public IP Address

Network Contributor

Create Subnet

Network Contributor

Create Virtual Network

Network Contributor

Delete Network Interface

Network Contributor

Delete Network Security Group

Network Contributor

Delete Public IP Address

Network Contributor

Delete Subnet

Network Contributor

Delete Virtual Network

Network Contributor

List Network Interfaces

Network Contributor

List Network Security Groups

Network Contributor

List Public IP Addresses

Network Contributor

List Subnets

Network Contributor

List Virtual Networks

Network Contributor

Test Connection

Network Contributor

Azure Network Security Groups is using role-based access control (RBAC). Therefore, the command permissions are inherited from the security principal's role. Roles for security principals must be configured from the Azure portal to use the commands in this integration.

READER NOTE

Only security principals with the Role Based Access Control Administrator or User Access Administrator role can configure Azure roles. Refer to Assign Azure roles using Azure portal for more information on configuring user roles.

Configuring Azure Virtual Networks to Work with D3 SOAR

  1. Navigate to the top search bar, then search for and select App registrations.

  2. Click on the + New Registration button to create a new app. If using a pre-existing app, click into it and skip to step 5.

  3. Register the application.

    1. Enter a name.

    2. Select the Accounts in this organizational directory only (<Your Directory Name> only - Single tenant) option.

    3. Register the application.

  4. Obtain the necessary credentials from the app's Overview tab.

    1. Copy the Application (client) ID and store it somewhere safe. Refer to step 3i sub-step 4 in Configuring D3 SOAR to Work with Azure Network Security Groups.

    2. Copy the Directory (tenant) ID and store it somewhere safe. Refer to step 3i sub-step 2 in Configuring D3 SOAR to Work with Azure Network Security Groups.

  5. Obtain the Client Secret.

    1. Click on the Add a certificate or secret link.

    2. Configure the client secret.

      1. Click on the + New client secret button.

      2. Enter a description.

      3. Add the client secret.

    3. Copy the Value of the newly created client secret and store it somewhere safe. Refer to step 3i sub-step 5 in Configuring D3 SOAR to Work with Azure Network Security Groups.

READER NOTE

The client secret value cannot be viewed again after the page is refreshed or closed.

  1. Navigate to the top search bar, then search for and select Resource groups.

  2. Click on the + Create button to create a new resource group. If using a pre-existing resource group, click into it and skip to step 10.

  3. Configure the resource group.

    1. Select a subscription.

    2. Name the resource group.

    3. Select a region.

    4. Click on the Review + Create button.

  4. Create the resource group.

  5. Navigate to Resource groups and select the group for which to configure roles.

  6. Add a role assignment.

    1. Select the Access Control (IAM) tab.

    2. Click on the + Add button.

    3. Click on the Add role assignment button.

  7. Add the Network Contributor role.

    1. Search for the Network Contributor role.

    2. Select the Network Contributor role.

  8. Select members for the role.

    1. Click on the Members tab.

    2. Select User, group, or service principal for Assign access to.

    3. Search and select the members appropriate for the role.

    4. Click on the Review + assign tab.

  9. Confirm and add the role assignment.

READER NOTE

If the dropdown options for + Add are grayed out, it may be due insufficient permissions or limited access scope. Contact the organization's administrator to request that the Network Contributor role (at a minimum) or an equivalent custom role be assigned to the account to use the commands.

  1. Obtain the Subscription ID.

    1. Click on the Overview tab.

    2. Copy the Subscription ID and store it somewhere safe. Refer to step 3i sub-step 7 in Configuring D3 SOAR to Work with Azure Network Security Groups.

Configuring D3 SOAR to Work with Azure Virtual Networks

  1. Log in to D3 SOAR.

  2. Find the Azure Virtual Networks integration.

    1. Navigate to Configuration on the top header menu.

    2. Click on the Integration icon on the left sidebar.

    3. Type Azure Virtual Networks in the search box to find the integration, then click it to select it.

    4. Click on the + Connection button on the right side of the Connections section. A new connection window will appear.

  3. Configure the following fields to create a connection to Azure Virtual Networks.

    1. Connection Name: The desired name for the connection.

    2. Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.

    3. Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.

    4. Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.

    5. Description (Optional): Add your desired description for the connection.

    6. Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.

    7. Configure User Permissions: Defines which users have access to the connection.

    8. Active: Check the checkbox to ensure the connection is available for use.

    9. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.

      1. Input the Server URL. The default value is https://management.azure.com.

      2. Copy the Directory ID from the Azure Virtual Networks platform. Refer to step 4b of Configuring Azure Virtual Networks to Work with D3 SOAR.

      3. Input the Grant Type. Enter client_credentials.

      4. Copy the Client ID from the Azure Virtual Networks platform. Refer to step 4a of Configuring Azure Virtual Networks to Work with D3 SOAR.

      5. Copy the Client Secret from the Azure Virtual Networks platform. Refer to step 5c of Configuring Azure Virtual Networks to Work with D3 SOAR.

      6. Input the Resource. Enter the same value as the Server URL.

      7. Copy the Subscription ID from the Azure Virtual Networks platform. Refer to step 15b of Configuring Azure Virtual Networks to Work with D3 SOAR.

      8. Input the API Version. The default value is 2020-05-01.

    10. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.

  4. Test the connection.

    1. Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green check mark appear beside the Test Connection button. If the test connection fails, check your connection parameters and try again.

    2. Click OK to close the alert window.

    3. Click + Add to create and add the configured connection.

Commands

Azure Virtual Networks includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the Azure Virtual Networks API, refer to the Azure Virtual Networks Rest API reference.

READER NOTE

Certain permissions are required for each command. Refer to the Permission Requirements and Configuring Azure Virtual Networks to Work with D3 SOAR sections for details.

Create Network Interface

Creates or updates a network interface.

READER NOTE

Network Interface Name, Public IP Address ID, Subnet ID, and Virtual Network Names are optional parameters to run this command.

  • Run the List Network Interfaces command to obtain the Network Interface Name. Network Interface Names can be found in the raw data at the path $.value[*].name.

  • Run the List Public Addresses command to obtain the Public IP Address ID. The Public IP Address ID can refer to the public IP address ID or name. The value of the public IP address ID can be found in the raw data at the path $.value[*].id. The value of the public IP address name can be found in the raw data at the path $.value[*].name.

  • Run the List Subnets command to obtain the Subnet ID. The Subnet ID can refer to the subnet ID or name. The value of the subnet ID can be found in the raw data at the path $.value[*].id. The value of the subnet name can be found in the raw data at the path $.value[*].name.

  • Run the List Virtual Networks command to obtain the Virtual Network Name. Virtual Network Names can be found in the raw data at the path $.value[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Network Interface Name

Required

The name of the network interface. Network Interface Name can be obtained using the List Network Interfaces command.

networkInterfaceTest

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Location

Required

The resource location.

westus

Public IP Address ID

Required

The name or ID of the public IP address. Public IP Address ID or name can be obtained using the List Public IP Addresses command.

publicIpAddress1

Subnet ID

Required

The name or ID of the subnet. Subnet ID or name can be obtained using the List Subnets command.

subnetTest

Virtual Network Name

Optional

The name of the virtual network. Virtual Network Name can be obtained using the List Virtual Networks command.

virtualNetworks33

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "name": "networkInterfaceTest",
    "id": "*****",
    "etag": "*****",
    "location": "westus",
    "tags": {
        "key": "value"
    },
    "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "*****",
        "ipConfigurations": [
            {
                "name": "ipconfig1",
                "id": "*****",
                "etag": "*****",
                "type": "Microsoft.Network/networkInterfaces/ipConfigurations",
                "properties": {
                    "provisioningState": "Succeeded",
                    "privateIPAddress": "***.***.***.***",
                    "privateIPAllocationMethod": "Dynamic",
                    "publicIPAddress": {
                        "id": "*****"
                    },
                    "subnet": {
                        "id": "*****"
                    },
                    "primary": true,
                    "privateIPAddressVersion": "IPv4"
                }
            }
        ],
        "dnsSettings": {
            "dnsServers": [],
            "appliedDnsServers": [],
            "internalDomainNameSuffix": "*****.*****"
        },
        "enableAcceleratedNetworking": true,
        "enableIPForwarding": false,
        "hostedWorkloads": [],
        "tapConfigurations": [],
        "nicType": "Standard"
    },
    "type": "Microsoft.Network/networkInterfaces"
}
Context Data

The data that has been extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.

As the Raw Data contains the complete API response, refer to the Raw Data instead of the Context Data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be updated to use Raw Data.

SAMPLE DATA

JSON
{
    "name": "networkInterfaceTest",
    "id": "*****",
    "etag": "*****",
    "location": "westus",
    "tags": {
        "key": "value"
    },
    "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "*****",
        "ipConfigurations": [
            {
                "name": "ipconfig1",
                "id": "*****",
                "etag": "*****",
                "type": "Microsoft.Network/networkInterfaces/ipConfigurations",
                "properties": {
                    "provisioningState": "Succeeded",
                    "privateIPAddress": "***.***.***.***",
                    "privateIPAllocationMethod": "Dynamic",
                    "publicIPAddress": {
                        "id": "*****"
                    },
                    "subnet": {
                        "id": "*****"
                    },
                    "primary": true,
                    "privateIPAddressVersion": "IPv4"
                }
            }
        ],
        "dnsSettings": {
            "dnsServers": [],
            "appliedDnsServers": [],
            "internalDomainNameSuffix": "*****.*****"
        },
        "enableAcceleratedNetworking": true,
        "enableIPForwarding": false,
        "hostedWorkloads": [],
        "tapConfigurations": [],
        "nicType": "Standard"
    },
    "type": "Microsoft.Network/networkInterfaces"
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, and IP addresses will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "networkInterfaceID": "*****",
  "networkInterfaceName": "networkInterfaceTest"
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

networkInterfaceTest

id

*****

etag

*****

location

westus

tags

{

"key": "value"

}

properties

{

"provisioningState": "Succeeded",

"resourceGuid": "*****",

"ipConfigurations": [

{

"name": "ipconfig1",

"id": "*****",

"etag": "*****",

"type": "Microsoft.Network/networkInterfaces/ipConfigurations",

"properties": {

"provisioningState": "Succeeded",

"privateIPAddress": "***.***.***.***",

"privateIPAllocationMethod": "Dynamic",

"publicIPAddress": {

"id": "*****"

},

"subnet": {

"id": "*****"

},

"primary": true,

"privateIPAddressVersion": "IPv4"

}

}

],

"dnsSettings": {

"dnsServers": [],

"appliedDnsServers": [],

"internalDomainNameSuffix": "*****.*****"

},

"enableAcceleratedNetworking": true,

"enableIPForwarding": false,

"hostedWorkloads": [],

"tapConfigurations": [],

"nicType": "Standard"

}

type

Microsoft.Network/networkInterfaces

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Network Interface failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

Create Network Interface failed.

Status Code: 400.

Message: Bad request.

Create Network Security Group

Creates or updates a network security group in the specified resource group.

READER NOTE

Network Security Group Name is an optional parameter to run this command.

  • Run the List Network Security Groups command to obtain the Network Security Group Name. Network Security Group Names can be found in the raw data at the path $.value[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Network Security Group Name

Required

The name of the network security group. Network Security Group Name can be obtained using the List Network Security Groups command.

networkSecurityGroup1

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Location

Required

The resource location.

westus

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "name": "networkSecurityGroup1",
    "id": "*****",
    "etag": "*****",
    "type": "Microsoft.Network/networkSecurityGroups",
    "location": "westus",
    "tags": {
        "key": "value"
    },
    "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "*****",
        "securityRules": [
            {
                "name": "rule1",
                "id": "*****/securityRules/rule1",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/securityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "80",
                    "sourceAddressPrefix": "*",
                    "destinationAddressPrefix": "*",
                    "access": "Allow",
                    "priority": 130,
                    "direction": "Inbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            }
        ],
        "defaultSecurityRules": [
            {
                "name": "AllowVnetInBound",
                "id": "*****/defaultSecurityRules/AllowVnetInBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Allow inbound traffic from all VMs in VNET",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "VirtualNetwork",
                    "destinationAddressPrefix": "VirtualNetwork",
                    "access": "Allow",
                    "priority": 65000,
                    "direction": "Inbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            },
            {
                "name": "AllowAzureLoadBalancerInBound",
                "id": "*****/defaultSecurityRules/AllowAzureLoadBalancerInBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Allow inbound traffic from azure load balancer",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "AzureLoadBalancer",
                    "destinationAddressPrefix": "*",
                    "access": "Allow",
                    "priority": 65001,
                    "direction": "Inbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            },
            {
                "name": "DenyAllInBound",
                "id": "*****/defaultSecurityRules/DenyAllInBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Deny all inbound traffic",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "*",
                    "destinationAddressPrefix": "*",
                    "access": "Deny",
                    "priority": 65500,
                    "direction": "Inbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            },
            {
                "name": "AllowVnetOutBound",
                "id": "*****/defaultSecurityRules/AllowVnetOutBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Allow outbound traffic from all VMs to all VMs in VNET",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "VirtualNetwork",
                    "destinationAddressPrefix": "VirtualNetwork",
                    "access": "Allow",
                    "priority": 65000,
                    "direction": "Outbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            },
            {
                "name": "AllowInternetOutBound",
                "id": "*****/defaultSecurityRules/AllowInternetOutBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Allow outbound traffic from all VMs to Internet",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "*",
                    "destinationAddressPrefix": "Internet",
                    "access": "Allow",
                    "priority": 65001,
                    "direction": "Outbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            },
            {
                "name": "DenyAllOutBound",
                "id": "*****/defaultSecurityRules/DenyAllOutBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Deny all outbound traffic",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "*",
                    "destinationAddressPrefix": "*",
                    "access": "Deny",
                    "priority": 65500,
                    "direction": "Outbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            }
        ]
    }
}
Context Data

The data that has been extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.

As the Raw Data contains the complete API response, refer to the Raw Data instead of the Context Data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be updated to use Raw Data.

SAMPLE DATA

JSON
{
    "name": "networkSecurityGroup1",
    "id": "*****",
    "etag": "*****",
    "type": "Microsoft.Network/networkSecurityGroups",
    "location": "westus",
    "tags": {
        "key": "value"
    },
    "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "*****",
        "securityRules": [
            {
                "name": "rule1",
                "id": "*****/securityRules/rule1",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/securityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "80",
                    "sourceAddressPrefix": "*",
                    "destinationAddressPrefix": "*",
                    "access": "Allow",
                    "priority": 130,
                    "direction": "Inbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            }
        ],
        "defaultSecurityRules": [
            {
                "name": "AllowVnetInBound",
                "id": "*****/defaultSecurityRules/AllowVnetInBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Allow inbound traffic from all VMs in VNET",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "VirtualNetwork",
                    "destinationAddressPrefix": "VirtualNetwork",
                    "access": "Allow",
                    "priority": 65000,
                    "direction": "Inbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            },
            {
                "name": "AllowAzureLoadBalancerInBound",
                "id": "*****/defaultSecurityRules/AllowAzureLoadBalancerInBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Allow inbound traffic from azure load balancer",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "AzureLoadBalancer",
                    "destinationAddressPrefix": "*",
                    "access": "Allow",
                    "priority": 65001,
                    "direction": "Inbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            },
            {
                "name": "DenyAllInBound",
                "id": "*****/defaultSecurityRules/DenyAllInBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Deny all inbound traffic",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "*",
                    "destinationAddressPrefix": "*",
                    "access": "Deny",
                    "priority": 65500,
                    "direction": "Inbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            },
            {
                "name": "AllowVnetOutBound",
                "id": "*****/defaultSecurityRules/AllowVnetOutBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Allow outbound traffic from all VMs to all VMs in VNET",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "VirtualNetwork",
                    "destinationAddressPrefix": "VirtualNetwork",
                    "access": "Allow",
                    "priority": 65000,
                    "direction": "Outbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            },
            {
                "name": "AllowInternetOutBound",
                "id": "*****/defaultSecurityRules/AllowInternetOutBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Allow outbound traffic from all VMs to Internet",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "*",
                    "destinationAddressPrefix": "Internet",
                    "access": "Allow",
                    "priority": 65001,
                    "direction": "Outbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            },
            {
                "name": "DenyAllOutBound",
                "id": "*****/defaultSecurityRules/DenyAllOutBound",
                "etag": "*****",
                "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Deny all outbound traffic",
                    "protocol": "*",
                    "sourcePortRange": "*",
                    "destinationPortRange": "*",
                    "sourceAddressPrefix": "*",
                    "destinationAddressPrefix": "*",
                    "access": "Deny",
                    "priority": 65500,
                    "direction": "Outbound",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            }
        ]
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, and IP addresses will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "networkSecurityGroupID": "*****",
  "networkSecurityGroupName": "networkSecurityGroup1"
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

id

etag

type

location

properties

tags

testvn3333

*****

*****

Microsoft.Network/virtualNetworks

westus

{
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"addressSpace": {
"addressPrefixes": [
"***.***.***.***/***"
]
},
"subnets": [
{
"name": "testsubnet3333",
"id": "*****/subnets/testsubnet3333",
"etag": "*****",
"properties": {
"provisioningState": "Succeeded",
"addressPrefix": "***.***.***.***/***",
"delegations": [],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"type": "Microsoft.Network/virtualNetworks/subnets"
}
],
"virtualNetworkPeerings": [],
"enableDdosProtection": false,
"enableVmProtection": false
}

 

testvn377

/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/testvn377

*****

Microsoft.Network/virtualNetworks

westus

{
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"addressSpace": {
"addressPrefixes": [
"***.***.***.***/***"
]
},
"subnets": [
{
"name": "subnetTest",
"id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/testvn377/subnets/subnetTest",
"etag": "*****",
"properties": {
"provisioningState": "Succeeded",
"addressPrefix": "***.***.***.***/***",
"delegations": [],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"type": "Microsoft.Network/virtualNetworks/subnets"
}
],
"virtualNetworkPeerings": [],
"enableDdosProtection": false,
"enableVmProtection": false
}

 

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Network Security Group failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

Create Network Security Group failed.

Status Code: 400.

Message: Bad request.

Create Public IP Address

Creates or updates a static or dynamic public IP address.

READER NOTE

Public IP Address Name is an optional parameter to run this command.

  • Run the List Public Addresses command to obtain the Public IP Address Name. Public IP Address Names can be found in the raw data at the path $.value[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Public IP Address Name

Required

The name of the public IP address. Public IP Address Name can be obtained using the List Public IP Addresses command.

publicIpAddress1

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Location

Required

The resource location.

westus

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "name": "publicIpAddress1",
    "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/publicIPAddresses/publicIpAddress1",
    "etag": "W/\"*****\"",
    "location": "westus",
    "tags": {
        "key": "value"
    },
    "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "*****",
        "ipAddress": "***.***.***.***",
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 10,
        "ipTags": [],
        "ipConfiguration": {
            "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1"
        }
    },
    "type": "Microsoft.Network/publicIPAddresses",
    "sku": {
        "name": "Standard"
    }
}
Context Data

The data that has been extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.

As the Raw Data contains the complete API response, refer to the Raw Data instead of the Context Data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be updated to use Raw Data.

SAMPLE DATA

JSON
{
    "name": "publicIpAddress1",
    "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/publicIPAddresses/publicIpAddress1",
    "etag": "W/\"*****\"",
    "location": "westus",
    "tags": {
        "key": "value"
    },
    "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "*****",
        "ipAddress": "***.***.***.***",
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 10,
        "ipTags": [],
        "ipConfiguration": {
            "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1"
        }
    },
    "type": "Microsoft.Network/publicIPAddresses",
    "sku": {
        "name": "Standard"
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, and IP addresses will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "publicIpAddressID": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/publicIPAddresses/publicIpAddress1",
  "publicIpAddressName": "publicIpAddress1"
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

publicIpAddress1

id

/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/publicIPAddresses/publicIpAddress1

etag

W/"*****"

location

westus

tags

{

"key": "value"

}

properties

{

"provisioningState": "Succeeded",

"resourceGuid": "*****",

"ipAddress": "***.***.***.***",

"publicIPAddressVersion": "IPv4",

"publicIPAllocationMethod": "Static",

"idleTimeoutInMinutes": 10,

"ipTags": [],

"ipConfiguration": {

"id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1"

}

}

type

Microsoft.Network/publicIPAddresses

sku

{

"name": "Standard"

}

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Public IP Address failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

Create Public IP Address failed.

Status Code: 400.

Message: Bad request.

Create Subnet

Creates or updates a subnet in the specified virtual network.

READER NOTE

Subnet Name and Virtual Network Name are optional parameters to run this command.

  • Run the List Subnets command to obtain the Subnet Name. Subnet Names can be found in the raw data at the path $.value[*].name.

  • Run the List Virtual Networks command to obtain the Virtual Network Name. Virtual Network Names can be found in the raw data at the path $.value[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Subnet Name

Required

The name of the subnet. Subnet Name can be obtained using the List Subnets command.

subnetTest

Virtual Network Name

Required

The name of the virtual network. Virtual Network Name can be obtained using the List Virtual Networks command.

virtualNetworks33

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Subnet Address Prefix

Required

The address prefix of the subnet.

***.***.***.***/***

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "name": "subnetTest",
    "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks33/subnets/subnetTest",
    "etag": "W/\"*****\"",
    "properties": {
        "provisioningState": "Succeeded",
        "addressPrefix": "***.***.***.***/***",
        "ipConfigurations": [
            {
                "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1"
            }
        ],
        "delegations": [],
        "privateEndpointNetworkPolicies": "Enabled",
        "privateLinkServiceNetworkPolicies": "Enabled"
    },
    "type": "Microsoft.Network/virtualNetworks/subnets"
}
Context Data

The data that has been extracted from Raw Data and converted into JSON format. Context Data may be identical to Raw Data in some cases.

As the Raw Data contains the complete API response, refer to the Raw Data instead of the Context Data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be updated to use Raw Data.

SAMPLE DATA

JSON
{
    "name": "subnetTest",
    "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks33/subnets/subnetTest",
    "etag": "W/\"*****\"",
    "properties": {
        "provisioningState": "Succeeded",
        "addressPrefix": "***.***.***.***/***",
        "ipConfigurations": [
            {
                "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1"
            }
        ],
        "delegations": [],
        "privateEndpointNetworkPolicies": "Enabled",
        "privateLinkServiceNetworkPolicies": "Enabled"
    },
    "type": "Microsoft.Network/virtualNetworks/subnets"
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, and IP addresses will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "subnetID": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks33/subnets/subnetTest",
  "subnetName": "subnetTest"
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

subnetTest

id

/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks33/subnets/subnetTest

etag

W/"*****"

properties

{

"provisioningState": "Succeeded",

"addressPrefix": "***.***.***.***/***",

"ipConfigurations": [

{

"id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1"

}

],

"delegations": [],

"privateEndpointNetworkPolicies": "Enabled",

"privateLinkServiceNetworkPolicies": "Enabled"

}

type

Microsoft.Network/virtualNetworks/subnets

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Subnet failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

Create Subnet failed.

Status Code: 400.

Message: Bad request.

Create Virtual Network

Creates or updates a virtual network in the specified resource group.

READER NOTE

Virtual Network Name is an optional parameter to run this command.

  • Run the List Virtual Networks command to obtain the Virtual Network Name. Virtual Network Names can be found in the raw data at the path $.value[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Virtual Network Name

Required

The name of the virtual network. Virtual Network Name can be obtained using the List Virtual Networks command.

virtualNetworks34

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Location

Required

The resource location.

westus

Address Prefix

Required

The address prefix of the virtual network.

***.***.***.***/***

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "name": "virtualNetworks34",
    "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks34",
    "etag": "*****",
    "type": "Microsoft.Network/virtualNetworks",
    "location": "westus",
    "tags": {
        "key": "value"
    },
    "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "*****",
        "addressSpace": {
            "addressPrefixes": [
                "***.***.***.***/***"
            ]
        },
        "subnets": [],
        "virtualNetworkPeerings": [],
        "enableDdosProtection": false,
        "enableVmProtection": false
    }
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
{
    "name": "virtualNetworks34",
    "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks34",
    "etag": "*****",
    "type": "Microsoft.Network/virtualNetworks",
    "location": "westus",
    "tags": {
        "key": "value"
    },
    "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "*****",
        "addressSpace": {
            "addressPrefixes": [
                "***.***.***.***/***"
            ]
        },
        "subnets": [],
        "virtualNetworkPeerings": [],
        "enableDdosProtection": false,
        "enableVmProtection": false
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "virtualNetworkID": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks34",
  "virtualNetworkName": "virtualNetworks34"
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

virtualNetworks34

id

/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks34

etag

*****

type

Microsoft.Network/virtualNetworks

location

westus

tags

{

"key": "value"

}

properties

{

"provisioningState": "Succeeded",

"resourceGuid": "*****",

"addressSpace": {

"addressPrefixes": [

"***.***.***.***/***"

]

},

"subnets": [],

"virtualNetworkPeerings": [],

"enableDdosProtection": false,

"enableVmProtection": false

}

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Virtual Network failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

Create Virtual Network failed.

Status Code: 400.

Message: Bad request.

Delete Network Interface

Deletes the specified network interface.

READER NOTE

Network Interface Names is an optional parameter to run this command.

  • Run the List Network Interfaces command to obtain the Network Interface Names. Network Interface Names can be found in the raw data at the path $.value[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Network Interface Names

Required

The names of the network interfaces to delete. Network Interface Names can be obtained using the List Network Interfaces command.

["testnetworkinterface34"]

Output

Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "result": "Delete Network Interface testnetworkinterface34 successful."
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "result": "Delete Network Interface testnetworkinterface34 successful."
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "IDs": [
    "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/testnetworkinterface34"
  ],
  "Names": [
    "testnetworkinterface34"
  ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

result

Delete Network Interface testnetworkinterface34 successful.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Network Interface failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

Delete Network Interface failed.

Status Code: 400.

Message: Bad request.

Delete Network Security Group

Deletes network security groups in the specified resource group.

READER NOTE

Network Security Group Names is an optional parameter to run this command.

  • Run the List Network Security Groups command to obtain the Network Security Group Names. Network Security Group Names can be found in the raw data at the path $.value[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Network Security Group Names

Required

The names of the network security groups to delete. Network Security Group Names can be obtained using the List Network Security Groups command.

["networkSecurityGroup123"]

Output

Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "result": "Delete Network Security Group networkSecurityGroup123 successful."
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "result": "Delete Network Security Group networkSecurityGroup123 successful."
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "IDs": [
    "*****"
  ],
  "Names": [
    "networkSecurityGroup123"
  ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

result

Delete Network Security Group networkSecurityGroup123 successful.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Network Security Group failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

Delete Network Security Group failed.

Status Code: 400.

Message: Bad request.

Delete Public IP Address

Deletes the specified public IP addresses.

READER NOTE

Public IP Address Names is an optional parameter to run this command.

  • Run the List Public Addresses command to obtain the Public IP Address Names. Public IP Address Names can be found in the raw data at the path $.value[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Public IP Address Names

Required

The names of public IP addresses to delete. Public IP Address Names can be obtained using the List Public IP Addresses command.

["testpublicipaddress33"]

Output

Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "result": "Delete Public IP Address testpublicipaddress33 successful."
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "result": "Delete Public IP Address testpublicipaddress33 successful."
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "IDs": [
    "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/publicIPAddresses/testpublicipaddress33"
  ],
  "Names": [
    "testpublicipaddress33"
  ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

result

Delete Public IP Address testpublicipaddress33 successful.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Public IP Address failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

Delete Public IP Address failed.

Status Code: 400.

Message: Bad request.

Delete Subnet

Deletes subnets in the specified virtual network.

READER NOTE

Virtual Network Name and Subnet Names are optional parameters to run this command.

  • Run the List Virtual Networks command to obtain the Virtual Network Name. Virtual Network Names can be found in the raw data at the path $.value[*].name.

  • Run the List Subnets command to obtain the Subnet Names. Subnet Names can be found in the raw data at the path $.value[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Virtual Network Name

Required

The name of the virtual network. Virtual Network Name can be obtained using the List Virtual Networks command.

virtualNetworks375

Subnet Names

Required

The names of the subnets to delete. Subnet Names can be obtained using the List Subnets command.

["subnetTest1"]

Output

Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "result": "Delete Subnet subnetTest1 successful."
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "result": "Delete Subnet subnetTest1 successful."
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "IDs": [
    "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks375/subnets/subnetTest1"
  ],
  "Names": [
    "subnetTest1"
  ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

result

Delete Subnet subnetTest1 successful.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Subnet failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

Delete Subnet failed.

Status Code: 400.

Message: Bad request.

Delete Virtual Network

Deletes virtual networks in the specified resource group.

READER NOTE

Virtual Network Names is an optional parameter to run this command.

  • Run the List Virtual Networks command to obtain the Virtual Network Names. Virtual Network Names can be found in the raw data at the path $.value[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Virtual Network Names

Required

The names of the virtual networks to delete. Virtual Network Names can be obtained using the List Virtual Networks command.

["virtualNetworks375"]

Output

Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
[
    {
        "result": "Delete Virtual Network virtualNetworks375 successful."
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "result": "Delete Virtual Network virtualNetworks375 successful."
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "IDs": [
    "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks375"
  ],
  "Names": [
    "virtualNetworks375"
  ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

result

Delete Virtual Network virtualNetworks375 successful.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Virtual Network failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

Delete Virtual Network failed.

Status Code: 400.

Message: Bad request.

List Network Interfaces

Lists network interfaces.

Input

Input Parameter

Required/Optional

Description

Example

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "value": [
        {
            "name": "networkInterfaceTest",
            "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest",
            "etag": "*****",
            "location": "westus",
            "tags": {
                "key": "value"
            },
            "properties": {
                "provisioningState": "Succeeded",
                "resourceGuid": "*****",
                "ipConfigurations": [
                    {
                        "name": "ipconfig1",
                        "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1",
                        "etag": "*****",
                        "type": "Microsoft.Network/networkInterfaces/ipConfigurations",
                        "properties": {
                            "provisioningState": "Succeeded",
                            "privateIPAddress": "***.***.***.***",
                            "privateIPAllocationMethod": "Dynamic",
                            "publicIPAddress": {
                                "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/publicIPAddresses/publicIpAddress1"
                            },
                            "subnet": {
                                "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks33/subnets/subnetTest"
                            },
                            "primary": true,
                            "privateIPAddressVersion": "IPv4"
                        }
                    }
                ],
                "dnsSettings": {
                    "dnsServers": [],
                    "appliedDnsServers": [],
                    "internalDomainNameSuffix": "*****.*****"
                },
                "enableAcceleratedNetworking": true,
                "enableIPForwarding": false,
                "hostedWorkloads": [],
                "tapConfigurations": [],
                "nicType": "Standard"
            },
            "type": "Microsoft.Network/networkInterfaces"
        }
    ]
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "name": "networkInterfaceTest",
        "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest",
        "etag": "*****",
        "location": "westus",
        "tags": {
            "key": "value"
        },
        "properties": {
            "provisioningState": "Succeeded",
            "resourceGuid": "*****",
            "ipConfigurations": [
                {
                    "name": "ipconfig1",
                    "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1",
                    "etag": "*****",
                    "type": "Microsoft.Network/networkInterfaces/ipConfigurations",
                    "properties": {
                        "provisioningState": "Succeeded",
                        "privateIPAddress": "***.***.***.***",
                        "privateIPAllocationMethod": "Dynamic",
                        "publicIPAddress": {
                            "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/publicIPAddresses/publicIpAddress1"
                        },
                        "subnet": {
                            "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks33/subnets/subnetTest"
                        },
                        "primary": true,
                        "privateIPAddressVersion": "IPv4"
                    }
                }
            ],
            "dnsSettings": {
                "dnsServers": [],
                "appliedDnsServers": [],
                "internalDomainNameSuffix": "*****.*****"
            },
            "enableAcceleratedNetworking": true,
            "enableIPForwarding": false,
            "hostedWorkloads": [],
            "tapConfigurations": [],
            "nicType": "Standard"
        },
        "type": "Microsoft.Network/networkInterfaces"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest",
  "name": "networkInterfaceTest" 
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

d3cybersentinel790

d3db01771

id

/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkInterfaces/d3cybersentinel790

/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkInterfaces/d3db01771

etag

W/"*****"

W/"*****"

location

westus

westus

tags

{
"d3cybervm01": "d3cybervm01"
}

properties

{
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"ipConfigurations": [
{
"name": "ipconfig1",
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkInterfaces/d3cybersentinel790/ipConfigurations/ipconfig1",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkInterfaces/ipConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAddress": "***.***.***.***",
"privateIPAllocationMethod": "Static",
"subnet": {
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/virtualNetworks/D3UAT/subnets/d3cyber01"
},
"primary": true,
"privateIPAddressVersion": "IPv4"
}
}
],
"dnsSettings": {
"dnsServers": [],
"appliedDnsServers": [],
"internalDomainNameSuffix": "zehdtkzwnuuuhorjf3izsh1h0h.dx.internal.cloudapp.net"
},
"macAddress": "**-**-**-**-**-**",
"enableAcceleratedNetworking": false,
"enableIPForwarding": false,
"networkSecurityGroup": {
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkSecurityGroups/D3cyberSentinel-nsg"
},
"hostedWorkloads": [],
"tapConfigurations": [],
"nicType": "Standard"
}

{
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"ipConfigurations": [
{
"name": "ipconfig1",
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkInterfaces/d3db01771/ipConfigurations/ipconfig1",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkInterfaces/ipConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAddress": "***.***.***.***",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/publicIPAddresses/d3db01-ip"
},
"subnet": {
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/virtualNetworks/aadds-vnet/subnets/aadds-subnet"
},
"primary": true,
"privateIPAddressVersion": "IPv4"
}
}
],
"dnsSettings": {
"dnsServers": [],
"appliedDnsServers": []
},
"macAddress": "**-**-**-**-**-**",
"enableAcceleratedNetworking": false,
"enableIPForwarding": false,
"hostedWorkloads": [],
"tapConfigurations": [],
"nicType": "Standard"
}

type

Microsoft.Network/networkInterfaces

Microsoft.Network/networkInterfaces

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Network Interfaces failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

List Network Interfaces failed.

Status Code: 400.

Message: Bad request.

List Network Security Groups

Lists network security groups.

Input

Input Parameter

Required/Optional

Description

Example

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "value": [
        {
            "name": "networkSecurityGroup1",
            "id": "*****",
            "etag": "*****",
            "type": "Microsoft.Network/networkSecurityGroups",
            "location": "westus",
            "tags": {
                "key": "value"
            },
            "properties": {
                "provisioningState": "Succeeded",
                "resourceGuid": "*****",
                "securityRules": [
                    {
                        "name": "rule1",
                        "id": "*****/securityRules/rule1",
                        "etag": "*****",
                        "type": "Microsoft.Network/networkSecurityGroups/securityRules",
                        "properties": {
                            "provisioningState": "Succeeded",
                            "protocol": "*",
                            "sourcePortRange": "*",
                            "destinationPortRange": "80",
                            "sourceAddressPrefix": "*",
                            "destinationAddressPrefix": "*",
                            "access": "Allow",
                            "priority": 130,
                            "direction": "Inbound",
                            "sourcePortRanges": [],
                            "destinationPortRanges": [],
                            "sourceAddressPrefixes": [],
                            "destinationAddressPrefixes": []
                        }
                    }
                ],
                "defaultSecurityRules": [
                    {
                        "name": "AllowVnetInBound",
                        "id": "*****/defaultSecurityRules/AllowVnetInBound",
                        "etag": "*****",
                        "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                        "properties": {
                            "provisioningState": "Succeeded",
                            "description": "Allow inbound traffic from all VMs in VNET",
                            "protocol": "*",
                            "sourcePortRange": "*",
                            "destinationPortRange": "*",
                            "sourceAddressPrefix": "VirtualNetwork",
                            "destinationAddressPrefix": "VirtualNetwork",
                            "access": "Allow",
                            "priority": 65000,
                            "direction": "Inbound",
                            "sourcePortRanges": [],
                            "destinationPortRanges": [],
                            "sourceAddressPrefixes": [],
                            "destinationAddressPrefixes": []
                        }
                    },
                    {
                        "name": "AllowAzureLoadBalancerInBound",
                        "id": "*****/defaultSecurityRules/AllowAzureLoadBalancerInBound",
                        "etag": "*****",
                        "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                        "properties": {
                            "provisioningState": "Succeeded",
                            "description": "Allow inbound traffic from azure load balancer",
                            "protocol": "*",
                            "sourcePortRange": "*",
                            "destinationPortRange": "*",
                            "sourceAddressPrefix": "AzureLoadBalancer",
                            "destinationAddressPrefix": "*",
                            "access": "Allow",
                            "priority": 65001,
                            "direction": "Inbound",
                            "sourcePortRanges": [],
                            "destinationPortRanges": [],
                            "sourceAddressPrefixes": [],
                            "destinationAddressPrefixes": []
                        }
                    },
                    {
                        "name": "DenyAllInBound",
                        "id": "*****/defaultSecurityRules/DenyAllInBound",
                        "etag": "*****",
                        "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                        "properties": {
                            "provisioningState": "Succeeded",
                            "description": "Deny all inbound traffic",
                            "protocol": "*",
                            "sourcePortRange": "*",
                            "destinationPortRange": "*",
                            "sourceAddressPrefix": "*",
                            "destinationAddressPrefix": "*",
                            "access": "Deny",
                            "priority": 65500,
                            "direction": "Inbound",
                            "sourcePortRanges": [],
                            "destinationPortRanges": [],
                            "sourceAddressPrefixes": [],
                            "destinationAddressPrefixes": []
                        }
                    },
                    {
                        "name": "AllowVnetOutBound",
                        "id": "*****/defaultSecurityRules/AllowVnetOutBound",
                        "etag": "*****",
                        "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                        "properties": {
                            "provisioningState": "Succeeded",
                            "description": "Allow outbound traffic from all VMs to all VMs in VNET",
                            "protocol": "*",
                            "sourcePortRange": "*",
                            "destinationPortRange": "*",
                            "sourceAddressPrefix": "VirtualNetwork",
                            "destinationAddressPrefix": "VirtualNetwork",
                            "access": "Allow",
                            "priority": 65000,
                            "direction": "Outbound",
                            "sourcePortRanges": [],
                            "destinationPortRanges": [],
                            "sourceAddressPrefixes": [],
                            "destinationAddressPrefixes": []
                        }
                    },
                    {
                        "name": "AllowInternetOutBound",
                        "id": "*****/defaultSecurityRules/AllowInternetOutBound",
                        "etag": "*****",
                        "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                        "properties": {
                            "provisioningState": "Succeeded",
                            "description": "Allow outbound traffic from all VMs to Internet",
                            "protocol": "*",
                            "sourcePortRange": "*",
                            "destinationPortRange": "*",
                            "sourceAddressPrefix": "*",
                            "destinationAddressPrefix": "Internet",
                            "access": "Allow",
                            "priority": 65001,
                            "direction": "Outbound",
                            "sourcePortRanges": [],
                            "destinationPortRanges": [],
                            "sourceAddressPrefixes": [],
                            "destinationAddressPrefixes": []
                        }
                    },
                    {
                        "name": "DenyAllOutBound",
                        "id": "*****/defaultSecurityRules/DenyAllOutBound",
                        "etag": "*****",
                        "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                        "properties": {
                            "provisioningState": "Succeeded",
                            "description": "Deny all outbound traffic",
                            "protocol": "*",
                            "sourcePortRange": "*",
                            "destinationPortRange": "*",
                            "sourceAddressPrefix": "*",
                            "destinationAddressPrefix": "*",
                            "access": "Deny",
                            "priority": 65500,
                            "direction": "Outbound",
                            "sourcePortRanges": [],
                            "destinationPortRanges": [],
                            "sourceAddressPrefixes": [],
                            "destinationAddressPrefixes": []
                        }
                    }
                ]
            }
        }
    ]
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "name": "networkSecurityGroup1",
        "id": "*****",
        "etag": "*****",
        "type": "Microsoft.Network/networkSecurityGroups",
        "location": "westus",
        "tags": {
            "key": "value"
        },
        "properties": {
            "provisioningState": "Succeeded",
            "resourceGuid": "*****",
            "securityRules": [
                {
                    "name": "rule1",
                    "id": "*****/securityRules/rule1",
                    "etag": "*****",
                    "type": "Microsoft.Network/networkSecurityGroups/securityRules",
                    "properties": {
                        "provisioningState": "Succeeded",
                        "protocol": "*",
                        "sourcePortRange": "*",
                        "destinationPortRange": "80",
                        "sourceAddressPrefix": "*",
                        "destinationAddressPrefix": "*",
                        "access": "Allow",
                        "priority": 130,
                        "direction": "Inbound",
                        "sourcePortRanges": [],
                        "destinationPortRanges": [],
                        "sourceAddressPrefixes": [],
                        "destinationAddressPrefixes": []
                    }
                }
            ],
            "defaultSecurityRules": [
                {
                    "name": "AllowVnetInBound",
                    "id": "*****/defaultSecurityRules/AllowVnetInBound",
                    "etag": "*****",
                    "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                    "properties": {
                        "provisioningState": "Succeeded",
                        "description": "Allow inbound traffic from all VMs in VNET",
                        "protocol": "*",
                        "sourcePortRange": "*",
                        "destinationPortRange": "*",
                        "sourceAddressPrefix": "VirtualNetwork",
                        "destinationAddressPrefix": "VirtualNetwork",
                        "access": "Allow",
                        "priority": 65000,
                        "direction": "Inbound",
                        "sourcePortRanges": [],
                        "destinationPortRanges": [],
                        "sourceAddressPrefixes": [],
                        "destinationAddressPrefixes": []
                    }
                },
                {
                    "name": "AllowAzureLoadBalancerInBound",
                    "id": "*****/defaultSecurityRules/AllowAzureLoadBalancerInBound",
                    "etag": "*****",
                    "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                    "properties": {
                        "provisioningState": "Succeeded",
                        "description": "Allow inbound traffic from azure load balancer",
                        "protocol": "*",
                        "sourcePortRange": "*",
                        "destinationPortRange": "*",
                        "sourceAddressPrefix": "AzureLoadBalancer",
                        "destinationAddressPrefix": "*",
                        "access": "Allow",
                        "priority": 65001,
                        "direction": "Inbound",
                        "sourcePortRanges": [],
                        "destinationPortRanges": [],
                        "sourceAddressPrefixes": [],
                        "destinationAddressPrefixes": []
                    }
                },
                {
                    "name": "DenyAllInBound",
                    "id": "*****/defaultSecurityRules/DenyAllInBound",
                    "etag": "*****",
                    "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                    "properties": {
                        "provisioningState": "Succeeded",
                        "description": "Deny all inbound traffic",
                        "protocol": "*",
                        "sourcePortRange": "*",
                        "destinationPortRange": "*",
                        "sourceAddressPrefix": "*",
                        "destinationAddressPrefix": "*",
                        "access": "Deny",
                        "priority": 65500,
                        "direction": "Inbound",
                        "sourcePortRanges": [],
                        "destinationPortRanges": [],
                        "sourceAddressPrefixes": [],
                        "destinationAddressPrefixes": []
                    }
                },
                {
                    "name": "AllowVnetOutBound",
                    "id": "*****/defaultSecurityRules/AllowVnetOutBound",
                    "etag": "*****",
                    "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                    "properties": {
                        "provisioningState": "Succeeded",
                        "description": "Allow outbound traffic from all VMs to all VMs in VNET",
                        "protocol": "*",
                        "sourcePortRange": "*",
                        "destinationPortRange": "*",
                        "sourceAddressPrefix": "VirtualNetwork",
                        "destinationAddressPrefix": "VirtualNetwork",
                        "access": "Allow",
                        "priority": 65000,
                        "direction": "Outbound",
                        "sourcePortRanges": [],
                        "destinationPortRanges": [],
                        "sourceAddressPrefixes": [],
                        "destinationAddressPrefixes": []
                    }
                },
                {
                    "name": "AllowInternetOutBound",
                    "id": "*****/defaultSecurityRules/AllowInternetOutBound",
                    "etag": "*****",
                    "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                    "properties": {
                        "provisioningState": "Succeeded",
                        "description": "Allow outbound traffic from all VMs to Internet",
                        "protocol": "*",
                        "sourcePortRange": "*",
                        "destinationPortRange": "*",
                        "sourceAddressPrefix": "*",
                        "destinationAddressPrefix": "Internet",
                        "access": "Allow",
                        "priority": 65001,
                        "direction": "Outbound",
                        "sourcePortRanges": [],
                        "destinationPortRanges": [],
                        "sourceAddressPrefixes": [],
                        "destinationAddressPrefixes": []
                    }
                },
                {
                    "name": "DenyAllOutBound",
                    "id": "*****/defaultSecurityRules/DenyAllOutBound",
                    "etag": "*****",
                    "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
                    "properties": {
                        "provisioningState": "Succeeded",
                        "description": "Deny all outbound traffic",
                        "protocol": "*",
                        "sourcePortRange": "*",
                        "destinationPortRange": "*",
                        "sourceAddressPrefix": "*",
                        "destinationAddressPrefix": "*",
                        "access": "Deny",
                        "priority": 65500,
                        "direction": "Outbound",
                        "sourcePortRanges": [],
                        "destinationPortRanges": [],
                        "sourceAddressPrefixes": [],
                        "destinationAddressPrefixes": []
                    }
                }
            ]
        }
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "id": "*****",
  "name": "networkSecurityGroup1" 
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

networkSecurityGroup1w

testnetworksecuritygroup375

basicNsgD3UAT-vnet-nic01

id

*****

/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkSecurityGroups/testnetworksecuritygroup375

/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkSecurityGroups/basicNsgD3UAT-vnet-nic01

etag

W/"*****"

W/"*****"

W/"*****"

type

Microsoft.Network/networkSecurityGroups

Microsoft.Network/networkSecurityGroups

Microsoft.Network/networkSecurityGroups

location

westus

westus

westus2

properties

{
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"securityRules": [
{
"name": "rule1",
"id": "*****w/securityRules/rule1",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"properties": {
"provisioningState": "Succeeded",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "80",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 130,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
}
],
"defaultSecurityRules": [
{
"name": "AllowVnetInBound",
"id": "*****w/defaultSecurityRules/AllowVnetInBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow inbound traffic from all VMs in VNET",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "VirtualNetwork",
"access": "Allow",
"priority": 65000,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowAzureLoadBalancerInBound",
"id": "*****w/defaultSecurityRules/AllowAzureLoadBalancerInBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow inbound traffic from azure load balancer",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "AzureLoadBalancer",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 65001,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "DenyAllInBound",
"id": "*****w/defaultSecurityRules/DenyAllInBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Deny all inbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 65500,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowVnetOutBound",
"id": "*****w/defaultSecurityRules/AllowVnetOutBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow outbound traffic from all VMs to all VMs in VNET",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "VirtualNetwork",
"access": "Allow",
"priority": 65000,
"direction": "Outbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowInternetOutBound",
"id": "*****w/defaultSecurityRules/AllowInternetOutBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow outbound traffic from all VMs to Internet",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "Internet",
"access": "Allow",
"priority": 65001,
"direction": "Outbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "DenyAllOutBound",
"id": "*****w/defaultSecurityRules/DenyAllOutBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Deny all outbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 65500,
"direction": "Outbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
}
]
}

{
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"securityRules": [],
"defaultSecurityRules": [
{
"name": "AllowVnetInBound",
"id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkSecurityGroups/testnetworksecuritygroup375/defaultSecurityRules/AllowVnetInBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow inbound traffic from all VMs in VNET",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "VirtualNetwork",
"access": "Allow",
"priority": 65000,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowAzureLoadBalancerInBound",
"id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkSecurityGroups/testnetworksecuritygroup375/defaultSecurityRules/AllowAzureLoadBalancerInBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow inbound traffic from azure load balancer",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "AzureLoadBalancer",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 65001,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "DenyAllInBound",
"id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkSecurityGroups/testnetworksecuritygroup375/defaultSecurityRules/DenyAllInBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Deny all inbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 65500,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowVnetOutBound",
"id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkSecurityGroups/testnetworksecuritygroup375/defaultSecurityRules/AllowVnetOutBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow outbound traffic from all VMs to all VMs in VNET",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "VirtualNetwork",
"access": "Allow",
"priority": 65000,
"direction": "Outbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowInternetOutBound",
"id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkSecurityGroups/testnetworksecuritygroup375/defaultSecurityRules/AllowInternetOutBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow outbound traffic from all VMs to Internet",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "Internet",
"access": "Allow",
"priority": 65001,
"direction": "Outbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "DenyAllOutBound",
"id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkSecurityGroups/testnetworksecuritygroup375/defaultSecurityRules/DenyAllOutBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Deny all outbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 65500,
"direction": "Outbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
}
]
}

{
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"securityRules": [],
"defaultSecurityRules": [
{
"name": "AllowVnetInBound",
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkSecurityGroups/basicNsgD3UAT-vnet-nic01/defaultSecurityRules/AllowVnetInBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow inbound traffic from all VMs in VNET",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "VirtualNetwork",
"access": "Allow",
"priority": 65000,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowAzureLoadBalancerInBound",
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkSecurityGroups/basicNsgD3UAT-vnet-nic01/defaultSecurityRules/AllowAzureLoadBalancerInBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow inbound traffic from azure load balancer",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "AzureLoadBalancer",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 65001,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "DenyAllInBound",
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkSecurityGroups/basicNsgD3UAT-vnet-nic01/defaultSecurityRules/DenyAllInBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Deny all inbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 65500,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowVnetOutBound",
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkSecurityGroups/basicNsgD3UAT-vnet-nic01/defaultSecurityRules/AllowVnetOutBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow outbound traffic from all VMs to all VMs in VNET",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "VirtualNetwork",
"access": "Allow",
"priority": 65000,
"direction": "Outbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowInternetOutBound",
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkSecurityGroups/basicNsgD3UAT-vnet-nic01/defaultSecurityRules/AllowInternetOutBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Allow outbound traffic from all VMs to Internet",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "Internet",
"access": "Allow",
"priority": 65001,
"direction": "Outbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "DenyAllOutBound",
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkSecurityGroups/basicNsgD3UAT-vnet-nic01/defaultSecurityRules/DenyAllOutBound",
"etag": "W/\"*****\"",
"type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules",
"properties": {
"provisioningState": "Succeeded",
"description": "Deny all outbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 65500,
"direction": "Outbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
}
]
}

tags

{
"key": "value"
}

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Network Security Groups failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

List Network Security Groups failed.

Status Code: 400.

Message: Bad request.

List Public IP Addresses

Lists public IP addresses.

Input

Input Parameter

Required/Optional

Description

Example

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "value": [
        {
            "name": "publicIpAddress1",
            "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/publicIPAddresses/publicIpAddress1",
            "etag": "W/\"*****\"",
            "location": "westus",
            "tags": {
                "key": "value"
            },
            "properties": {
                "provisioningState": "Succeeded",
                "resourceGuid": "*****",
                "ipAddress": "***.***.***.***",
                "publicIPAddressVersion": "IPv4",
                "publicIPAllocationMethod": "Static",
                "idleTimeoutInMinutes": 10,
                "ipTags": [],
                "ipConfiguration": {
                    "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1"
                }
            },
            "type": "Microsoft.Network/publicIPAddresses",
            "sku": {
                "name": "Standard"
            }
        }
    ]
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "name": "publicIpAddress1",
        "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/publicIPAddresses/publicIpAddress1",
        "etag": "W/\"*****\"",
        "location": "westus",
        "tags": {
            "key": "value"
        },
        "properties": {
            "provisioningState": "Succeeded",
            "resourceGuid": "*****",
            "ipAddress": "***.***.***.***",
            "publicIPAddressVersion": "IPv4",
            "publicIPAllocationMethod": "Static",
            "idleTimeoutInMinutes": 10,
            "ipTags": [],
            "ipConfiguration": {
                "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1"
            }
        },
        "type": "Microsoft.Network/publicIPAddresses",
        "sku": {
            "name": "Standard"
        }
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/publicIPAddresses/publicIpAddress1",
  "name": "publicIpAddress1" 
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

agwip

d3db01-ip

id

/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/publicIPAddresses/agwip

/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/publicIPAddresses/d3db01-ip

etag

W/"*****"

W/"*****"

location

westus

westus

properties

{
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"ipAddress": "52.250.248.56",
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Static",
"idleTimeoutInMinutes": 4,
"ipTags": []
}

{
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Dynamic",
"idleTimeoutInMinutes": 4,
"ipTags": [],
"ipConfiguration": {
"id": "/subscriptions/*****/resourceGroups/D3UAT/providers/Microsoft.Network/networkInterfaces/d3db01771/ipConfigurations/ipconfig1"
}
}

type

Microsoft.Network/publicIPAddresses

Microsoft.Network/publicIPAddresses

sku

{
"name": "Standard"
}

{
"name": "Basic"
}

tags

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Public IP Addresses failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

List Public IP Addresses failed.

Status Code: 400.

Message: Bad request.

List Subnets

Lists subnets.

READER NOTE

Virtual Network Name is an optional parameter to run this command.

  • Run the List Virtual Networks command to obtain the Virtual Network Name. Virtual Network Names can be found in the raw data at the path $.value[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Virtual Network Name

Required

The name of the virtual network. Virtual Network Name can be obtained using the List Virtual Networks command.

virtualNetworks33

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "value": [
        {
            "name": "subnetTest",
            "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks33/subnets/subnetTest",
            "etag": "W/\"*****\"",
            "properties": {
                "provisioningState": "Succeeded",
                "addressPrefix": "***.***.***.***/***",
                "ipConfigurations": [
                    {
                        "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1"
                    }
                ],
                "delegations": [],
                "privateEndpointNetworkPolicies": "Enabled",
                "privateLinkServiceNetworkPolicies": "Enabled"
            },
            "type": "Microsoft.Network/virtualNetworks/subnets"
        }
    ]
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "name": "subnetTest",
        "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks33/subnets/subnetTest",
        "etag": "W/\"*****\"",
        "properties": {
            "provisioningState": "Succeeded",
            "addressPrefix": "***.***.***.***/***",
            "ipConfigurations": [
                {
                    "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/networkInterfaces/networkInterfaceTest/ipConfigurations/ipconfig1"
                }
            ],
            "delegations": [],
            "privateEndpointNetworkPolicies": "Enabled",
            "privateLinkServiceNetworkPolicies": "Enabled"
        },
        "type": "Microsoft.Network/virtualNetworks/subnets"
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks33/subnets/subnetTest",
  "name": "subnetTest" 
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

id

etag

properties

type

testsubnet3333

*****/subnets/testsubnet3333

*****

{
"provisioningState": "Succeeded",
"addressPrefix": "***.***.***.***/***",
"delegations": [],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}

Microsoft.Network/virtualNetworks/subnets

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Subnets failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

List Subnets failed.

Status Code: 400.

Message: Bad request.

List Virtual Networks

Lists virtual networks.

Input

Input Parameter

Required/Optional

Description

Example

Resource Group Name

Required

The name of the resource group. Resource groups can be found on the Azure portal. Refer to Manage Azure resource groups by using the Azure portal for more information.

d3uat

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "value": [
        {
            "name": "testvn3333",
            "id": "*****",
            "etag": "*****",
            "type": "Microsoft.Network/virtualNetworks",
            "location": "westus",
            "properties": {
                "provisioningState": "Succeeded",
                "resourceGuid": "*****",
                "addressSpace": {
                    "addressPrefixes": [
                        "***.***.***.***/***"
                    ]
                },
                "subnets": [
                    {
                        "name": "testsubnet3333",
                        "id": "*****/subnets/testsubnet3333",
                        "etag": "*****",
                        "properties": {
                            "provisioningState": "Succeeded",
                            "addressPrefix": "***.***.***.***/***",
                            "delegations": [],
                            "privateEndpointNetworkPolicies": "Enabled",
                            "privateLinkServiceNetworkPolicies": "Enabled"
                        },
                        "type": "Microsoft.Network/virtualNetworks/subnets"
                    }
                ],
                "virtualNetworkPeerings": [],
                "enableDdosProtection": false,
                "enableVmProtection": false
            }
        }
    ]
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

JSON
[
    {
        "name": "testvn3333",
        "id": "*****",
        "etag": "*****",
        "type": "Microsoft.Network/virtualNetworks",
        "location": "westus",
        "properties": {
            "provisioningState": "Succeeded",
            "resourceGuid": "*****",
            "addressSpace": {
                "addressPrefixes": [
                    "***.***.***.***/***"
                ]
            },
            "subnets": [
                {
                    "name": "testsubnet3333",
                    "id": "*****/subnets/testsubnet3333",
                    "etag": "*****",
                    "properties": {
                        "provisioningState": "Succeeded",
                        "addressPrefix": "***.***.***.***/***",
                        "delegations": [],
                        "privateEndpointNetworkPolicies": "Enabled",
                        "privateLinkServiceNetworkPolicies": "Enabled"
                    },
                    "type": "Microsoft.Network/virtualNetworks/subnets"
                }
            ],
            "virtualNetworkPeerings": [],
            "enableDdosProtection": false,
            "enableVmProtection": false
        }
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

JSON
{
  "id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/virtualNetworks34",
  "name": "virtualNetworks34"
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

id

etag

type

location

properties

tags

testvn3333

*****

*****

Microsoft.Network/virtualNetworks

westus

{
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"addressSpace": {
"addressPrefixes": [
"***.***.***.***/***"
]
},
"subnets": [
{
"name": "testsubnet3333",
"id": "*****/subnets/testsubnet3333",
"etag": "*****",
"properties": {
"provisioningState": "Succeeded",
"addressPrefix": "***.***.***.***/***",
"delegations": [],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"type": "Microsoft.Network/virtualNetworks/subnets"
}
],
"virtualNetworkPeerings": [],
"enableDdosProtection": false,
"enableVmProtection": false
}

 

testvn377

/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/testvn377

*****

Microsoft.Network/virtualNetworks

westus

{
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"addressSpace": {
"addressPrefixes": [
"***.***.***.***/***"
]
},
"subnets": [
{
"name": "subnetTest",
"id": "/subscriptions/*****/resourceGroups/d3uat/providers/Microsoft.Network/virtualNetworks/testvn377/subnets/subnetTest",
"etag": "*****",
"properties": {
"provisioningState": "Succeeded",
"addressPrefix": "***.***.***.***/***",
"delegations": [],
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"type": "Microsoft.Network/virtualNetworks/subnets"
}
],
"virtualNetworkPeerings": [],
"enableDdosProtection": false,
"enableVmProtection": false
}

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Virtual Networks failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad request.

Error Sample Data

List Virtual Networks failed.

Status Code: 400.

Message: Bad request.

Test Connection

Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Test Connection failed. Failed to check the connector.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Azure Virtual Networks portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 403.

Message: Unauthorized.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.