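JSON Code – Events Data (Azure Logic App workflow definition)
Note: the `ApiKey` default value `xxx` is a placeholder for your own API key. As written, the key is a plain `String` parameter and is also passed in the query string of the `Call_ABR_Sentinel_API` request, so consider declaring it as a `securestring` parameter and enabling secured inputs on the HTTP actions to keep it out of the run history.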
{
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"actions": {
"Call_ABR_Sentinel_API": {
"inputs": {
"method": "GET",
"uri": "https://sentinel.adminbyrequest.com/Events/GetEventStartId?apiKey=@{parameters('ApiKey')}"
},
"runAfter": {},
"type": "Http"
},
"Call_the_ABR_Audit_API": {
"inputs": {
"headers": {
"apikey": "@parameters('ApiKey')"
},
"method": "GET",
"uri": "@{variables('apiEndpoint')}/events?startId=@{variables('startEventId')}&take=10000"
},
"runAfter": {
"Initialize_apiEndpoint_variable": [
"Succeeded"
]
},
"type": "Http"
},
"Get_latest_eventId": {
"inputs": {
"headers": {
"apikey": "@parameters('ApiKey')"
},
"method": "GET",
"uri": "@{variables('apiEndpoint')}/events?last=1"
},
"runAfter": {
"Parse_JSON": [
"Succeeded"
]
},
"type": "Http"
},
"Initialize_apiEndpoint_variable": {
"inputs": {
"variables": [
{
"name": "apiEndpoint",
"type": "string",
"value": "@body('Parse_API_data')?['publicApiUrl']"
}
]
},
"runAfter": {
"Initialize_startEventId_variable": [
"Succeeded"
]
},
"type": "InitializeVariable"
},
"Initialize_latest_event_variable": {
"inputs": {
"variables": [
{
"name": "latestEventId",
"type": "integer",
"value": "@body('Parse_Latest_Event_JSON')[0]['id']"
}
]
},
"runAfter": {
"Parse_Latest_Event_JSON": [
"Succeeded"
]
},
"type": "InitializeVariable"
},
"Initialize_startEventId_variable": {
"inputs": {
"variables": [
{
"name": "startEventId",
"type": "integer",
"value": "@body('Parse_API_data')?['eventId']"
}
]
},
"runAfter": {
"Parse_API_data": [
"Succeeded"
]
},
"type": "InitializeVariable"
},
"Loop_entries": {
"actions": {},
"foreach": "@body('Parse_JSON')",
"runAfter": {
"Set_latest_event_ID": [
"Succeeded"
]
},
"type": "Foreach"
},
"Parse_API_data": {
"inputs": {
"content": "@body('Call_ABR_Sentinel_API')",
"schema": {
"properties": {
"eventId": {
"type": "integer"
},
"publicApiUrl": {
"type": "string"
},
"success": {
"type": "boolean"
}
},
"type": "object"
}
},
"runAfter": {
"Call_ABR_Sentinel_API": [
"Succeeded"
]
},
"type": "ParseJson"
},
"Parse_JSON": {
"inputs": {
"content": "@body('Call_the_ABR_Audit_API')",
"schema": {
"items": {
"properties": {
"additionalData": {},
"alertAccount": {},
"application": {
"properties": {
"file": {},
"name": {},
"path": {},
"sha256": {},
"vendor": {},
"version": {}
},
"type": "object"
},
"auditLogURL": {},
"computerName": {
"type": "string"
},
"eventCode": {
"type": "integer"
},
"eventLevel": {
"type": "integer"
},
"eventText": {
"type": "string"
},
"eventTime": {
"type": "string"
},
"eventTimeUTC": {
"type": "string"
},
"id": {
"type": "integer"
},
"rollback": {
"type": "boolean"
},
"userAccount": {},
"userName": {}
},
"required": [
"id",
"eventCode",
"eventLevel",
"eventText",
"eventTime",
"eventTimeUTC",
"computerName",
"userAccount",
"userName",
"alertAccount",
"auditLogURL",
"rollback",
"additionalData",
"application"
],
"type": "object"
},
"type": "array"
}
},
"runAfter": {
"Call_the_ABR_Audit_API": [
"Succeeded"
]
},
"type": "ParseJson"
},
"Parse_Latest_Event_JSON": {
"inputs": {
"content": "@body('Get_latest_eventId')",
"schema": {
"items": {
"properties": {
"additionalData": {},
"alertAccount": {},
"application": {
"properties": {
"file": {},
"name": {},
"path": {},
"sha256": {},
"vendor": {},
"version": {}
},
"type": "object"
},
"auditLogURL": {},
"computerName": {
"type": "string"
},
"eventCode": {
"type": "integer"
},
"eventLevel": {
"type": "integer"
},
"eventText": {
"type": "string"
},
"eventTime": {
"type": "string"
},
"eventTimeUTC": {
"type": "string"
},
"id": {
"type": "integer"
},
"rollback": {
"type": "boolean"
},
"userAccount": {
"type": "string"
},
"userName": {}
},
"required": [
"id",
"eventCode",
"eventLevel",
"eventText",
"eventTime",
"eventTimeUTC",
"computerName",
"userAccount",
"userName",
"alertAccount",
"auditLogURL",
"rollback",
"additionalData",
"application"
],
"type": "object"
},
"type": "array"
}
},
"runAfter": {
"Get_latest_eventId": [
"Succeeded"
]
},
"type": "ParseJson"
},
"Set_latest_event_ID": {
"inputs": {
"body": {
"ApiKey": "@parameters('ApiKey')",
"EventStartId": "@variables('latestEventId')"
},
"method": "POST",
"uri": "https://sentinel.adminbyrequest.com/Events/SetEventStartId"
},
"runAfter": {
"Initialize_latest_event_variable": [
"Succeeded"
]
},
"type": "Http"
}
},
"contentVersion": "1.0.0.0",
"outputs": {},
"parameters": {
"ApiKey": {
"defaultValue": "xxx",
"type": "String"
},
"LogName": {
"defaultValue": "SentinelTest",
"type": "String"
}
},
"triggers": {
"Recurrence": {
"evaluatedRecurrence": {
"frequency": "Day",
"interval": 1,
"startTime": "2022-06-22T15:00:00Z"
},
"recurrence": {
"frequency": "Day",
"interval": 1,
"startTime": "2022-06-22T15:00:00Z"
},
"type": "Recurrence"
}
}
},
"parameters": {}
}