Forum Discussion
Azure Sentinel - Scheduled Search
Hi everyone, I need to create a report on Azure Sentinel that will send its results to selected group of email addresses, once a week. Does anyone knows how can I achieve that, and if it is e...
1. Create an Azure Monitor Alerts rule, send to an Action group that has the emails required.
or
2. Create a Logic App (Azure Sentinel Playbook); define a 'recurrence" trigger, and run the KQL, and email. Also note, the Rule can trigger a Playbook that sends the email each time the Incident fires (use the Sentinel trigger rather than 'recurrence')