Forum Discussion
Automating label downgrade email notifications
You will need to use the Playbook to extract the Entity details, and the email for the user, you can then pass that to the "Send an Email" step or use IdentityInfo which has the manager details (assuming you have UEBA enabled), so once you have the user, you can lookup the manager
IdentityInfo
| where AccountUPN == "< insert name >"
| project AccountName, ManagerSupported triggers and actions in Microsoft Sentinel playbooks | Microsoft Learn
Thanks Clive_Watson I did see that entry but because it didnt match what you had on your screen I didnt select it.
Unfortunately, I have the same issue with the email action, under Outlook 365, I don't have "Send an email with incident details".
You only need a "send email" any data you need you can get from the steps above in the Playbook