Forum Discussion
Assigning alerts/incidents in Sentinel to a specific team/user/group.
Pranesh1060 To answer your first question, unfortunately Playbooks can only be assigned to Scheduled rules, so alerts that get generated from other sources like MCAS would not be able to trigger a Playbook (yet? Please, Microsoft. Make this happen!). You can trigger the Playbook from the Incident's full details page using the Alert tab, but that is a manual process.
In regard to your second question, unfortunately there is no way to get the information you want into a Sentinel workbook since the Incident information is not stored in Log Analytics. I did write a blog post about how to load the information into PowerBI, and from there you can create the reports you want. Not the best option, but it might have to do for now. https://www.garybushey.com/2020/01/20/azure-sentinel-incidents-in-powerbi/
Hi Gary, thanks for your response. However, when playbooks are getting triggered for a scheduled alert, is there a possibility to hard code the name of the administrator or a team directly? Like, for every MCAS scheduled alert, the incident owner should be me.