Forum Discussion
Mobile_Walk_In
May 10, 2024 Copper Contributor
Send an Email with Incident Details
I'm endeavoring to manage incident responses in Sentinel using Logic Apps. However, I'm encountering a challenge: my COMPOSE action involves multiple JSON objects. One JSON contains information abou...
AllenVisser
May 17, 2024 Copper Contributor
howzit bud, in what platform is this incident log being produced? Is there information being produced in any log analytics workspace tables?
I'm happy to help you write a KQL query to monitor the respective table for a result (on a recurring trigger) and then send an email with the dynamic content you require, e.g. username, email, IP.
Kinda using the same principle on my blog from step 6. https://allenvisser.azurewebsites.net/2024/04/24/brute-force-attacks/
vote if you like, and respond if you wanna deep dive this 🙂