Lansweeper App For Sentinel (Preview)
The integration of the Lansweeper app on the Microsoft Sentinel platform implements investigative actions and lets end users build use cases from a combination of the actions below. Authorization: Authenticate the connection with the Lansweeper APIs using the Authorization Token from the Logic app. List Authorized Sites: Retrieve the list of authorized sites. Hunt IP or Hunt MAC: Get the asset details from the Lansweeper platform for the given Site ID and IP address or MAC address.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Contact | |
---|---|
Name | Lansweeper Support team |
URL | https://www.lansweeper.com/kb/ |
Email | [email protected] |
Connector Metadata | |
---|---|
Publisher | Lansweeper |
Website | https://www.lansweeper.com/ |
Privacy policy | https://www.lansweeper.com/privacy-policy/ |
Categories | Security;IT Operations |
The Lansweeper App for Microsoft Sentinel lets SOC team members use Lansweeper's IT asset discovery and identification capabilities and automate them through Microsoft Logic Apps.
It allows end users to implement any use case on the Lansweeper platform that can be built from a combination of the actions below.
Authentication: Create a Logic app with a custom connector. Authenticate the connection with Lansweeper APIs using the API Key from Logic app.
List Authorized Sites: Retrieve the list of the authorized sites.
Hunt IP: Get the asset details from the Lansweeper platform for the given Site ID and IP address.
Hunt MAC: Get the asset details from the Lansweeper platform for the given Site ID and MAC address.
Prerequisites
- An Azure subscription
- Lansweeper API Authorization Token
How to get Authorization Token for Lansweeper API connection
Refer to Personal Application to get the Lansweeper API Authorization Token.
How to use connector
Steps
You will need the following to proceed:
- Go to Azure Logic app → Logic app designer.
- Select triggers as per your requirement.
- Choose New step, then Add an action.
- Search for the Lansweeper App For Sentinel connector, then choose the action associated with that connector.
- Enter a name for the connection and the API key token that you generated in the step above: How to get Authorization Token for Lansweeper API connection.
- Use the following GraphQL queries for the List Authorized Sites, Hunt IP and Hunt MAC operations:
[List Authorized Sites]: Get site IDs

```graphql
{
  authorizedSites {
    sites {
      id
      name
    }
  }
}
```
[Hunt IP]: Get asset details using IP address

```graphql
query getAssetResources {
  site(id: "{Site ID value}") {
    assetResources(
      assetPagination: { limit: 20, page: {Currentpage value}, cursor: {Cursor value} }
      fields: [
        "assetBasicInfo.name"
        "assetBasicInfo.userDomain"
        "assetBasicInfo.description"
        "assetBasicInfo.mac"
        "assetCustom.model"
        "batteries.availability"
        "graphicsCards.manufacturer"
        "networkAdapters.macAddress"
        "networks.ipAddressV4"
        "url"
      ]
      filters: {
        conjunction: AND
        conditions: [
          {
            operator: LIKE
            path: "assetBasicInfo.ipAddress"
            value: "{IP Address value}"
          }
        ]
      }
    ) {
      total
      pagination {
        limit
        current
        next
        page
      }
      items
    }
  }
}
```
- {Site ID value}: The Site ID for which to get asset details.
- {Currentpage value}: Specify FIRST, LAST or NEXT as the value for the current page. Fields like current and next contain what are called cursors. These cursors indicate from which element the current page should be filled. For more details, refer to the link.
- {Cursor value}: The previous page can be obtained the same way but with the cursor current and page PREV. When Currentpage value is set to FIRST or LAST, cursors are ignored. For more details, refer to the link.
- {IP Address value}: The IP address to look up to get asset details.
[Hunt MAC]: Get asset details using MAC address

```graphql
query getAssetResources {
  site(id: "{Site ID value}") {
    assetResources(
      assetPagination: { limit: 20, page: {Currentpage value}, cursor: {Cursor value} }
      fields: [
        "assetBasicInfo.name"
        "assetBasicInfo.userDomain"
        "assetBasicInfo.description"
        "assetBasicInfo.mac"
        "assetCustom.model"
        "batteries.availability"
        "graphicsCards.manufacturer"
        "networkAdapters.macAddress"
        "networks.ipAddressV4"
        "url"
      ]
      filters: {
        conjunction: AND
        conditions: [
          {
            operator: LIKE
            path: "assetBasicInfo.mac"
            value: "{MAC Address value}"
          }
        ]
      }
    ) {
      total
      pagination {
        limit
        current
        next
        page
      }
      items
    }
  }
}
```
- {Site ID value}: The Site ID for which to get asset details.
- {Currentpage value}: Specify FIRST, LAST or NEXT as the value for the current page. Fields like current and next contain what are called cursors. These cursors indicate from which element the current page should be filled. For more details, refer to the link.
- {Cursor value}: The previous page can be obtained the same way but with the cursor current and page PREV. When Currentpage value is set to FIRST or LAST, cursors are ignored. For more details, refer to the link.
- {MAC Address value}: The MAC address to look up to get asset details.
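The Hunt IP and Hunt MAC queries are filled in by substituting values into the query text, so a playbook that takes those values from incident entities should validate them first; the following added example (not part of the connector's documentation) does that and then follows the `next` cursor across pages. The function names, the `send` transport callback, the Site ID character set, the shortened `fields` list and passing the cursor as a quoted string are assumptions.

```python
import ipaddress
import json
import re

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")
SITE_RE = re.compile(r"[A-Za-z0-9-]{1,64}")  # assumed Site ID character set
PATHS = {"ip": "assetBasicInfo.ipAddress", "mac": "assetBasicInfo.mac"}

def build_hunt_body(site_id, kind, value, page="FIRST", cursor=None):
    """Return the request body (the connector's `query` parameter) for a hunt."""
    if not SITE_RE.fullmatch(site_id):
        raise ValueError("unexpected Site ID format")
    if kind == "ip":
        value = str(ipaddress.ip_address(value))  # ValueError if not an IP
    elif kind == "mac":
        if not MAC_RE.fullmatch(value):
            raise ValueError("not a MAC address")
    else:
        raise ValueError("kind must be 'ip' or 'mac'")
    if page not in ("FIRST", "LAST", "NEXT", "PREV"):
        raise ValueError("page must be FIRST, LAST, NEXT or PREV")
    # json.dumps emits a quoted, escaped string literal, so even an accepted
    # value (e.g. an IPv6 scope id) cannot close the string and alter the query.
    cur = "" if cursor is None else ", cursor: " + json.dumps(cursor)
    query = (
        "query getAssetResources { site(id: %s) { assetResources("
        "assetPagination: { limit: 20, page: %s%s } "
        'fields: ["assetBasicInfo.name", "assetBasicInfo.mac", "networks.ipAddressV4", "url"] '
        "filters: { conjunction: AND conditions: [ { operator: LIKE path: %s value: %s } ] }"
        ") { total pagination { limit current next page } items } } }"
        % (json.dumps(site_id), page, cur, json.dumps(PATHS[kind]), json.dumps(value))
    )
    return {"query": query}

def hunt_all(send, site_id, kind, value, max_calls=100):
    """Collect every page; `send(body) -> dict` is the caller's transport (assumed)."""
    items, page, cursor = [], "FIRST", None
    for _ in range(max_calls):  # bounded by the 100 calls per 60 seconds limit
        res = send(build_hunt_body(site_id, kind, value, page, cursor))
        res = res["data"]["site"]["assetResources"]
        items.extend(res["items"])
        cursor = res["pagination"].get("next")
        if not res["items"] or not cursor or len(items) >= res["total"]:
            break
        page = "NEXT"  # FIRST ignores cursors; later pages use the `next` cursor
    return items
```

The dictionary returned by `build_hunt_body` carries the text for the action's `query` parameter.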
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.
Name | Type | Description | Required |
---|---|---|---|
API Token | securestring | The Token for this api | True |
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
Actions
Get the list of Site IDs and Asset details |
Retrieve list of Site IDs, Asset details for the given IP Address or MAC Address. |
Get the list of Site IDs and Asset details
Retrieve list of Site IDs, Asset details for the given IP Address or MAC Address.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Content-Type | Content-Type | True | string | Content-Type |
query | query | | string | query |