Forum Discussion
Solved
Azure Sentinel Logic App Action Incident ID
I am looking at the Azure Sentinel action in Logic Apps (AKA Playbooks) and I notice that when I try to do something like "Add a Label" or "Write a Comment" most of the fields (Subscription ID, Resou...
You need to use System Alert ID
Awesome! glad a could help.
if you have cool playbooks feel free to help contribute to the github repo!
Nicholas DiCola (SECURITY JEDI) A little more weirdness. I can get my Incident, post a comment back to my Incident, Generate a Service Now Incident, and then post a message to Teams (in that order) just fine. However, if I try to post a comment back to my incident AFTER generating a ServiceNow incident I get the following error message (which talks about changing settings in a webapp that I certainly don't have access to). Any ideas?
{
"error": {
"code": 400,
"source": "logic-apis-eastus.azure-apim.net",
"clientRequestId": "d7b8f14a-9f0e-43df-b385-6eb3f14a4869",
"message": "The response is not in a JSON format.",
"innerError": "<!DOCTYPE html>\r\n<html>\r\n <head>\r\n <title>Runtime Error</title>\r\n <meta name=\"viewport\" content=\"width=device-width\" />\r\n <style>\r\n body {font-family:\"Verdana\";font-weight:normal;font-size: .7em;color:black;} \r\n p {font-family:\"Verdana\";font-weight:normal;color:black;margin-top: -5px}\r\n b {font-family:\"Verdana\";font-weight:bold;color:black;margin-top: -5px}\r\n H1 { font-family:\"Verdana\";font-weight:normal;font-size:18pt;color:red }\r\n H2 { font-family:\"Verdana\";font-weight:normal;font-size:14pt;color:maroon }\r\n pre {font-family:\"Consolas\",\"Lucida Console\",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}\r\n .marker {font-weight: bold; color: black;text-decoration: none;}\r\n .version {color: gray;}\r\n .error {margin-bottom: 10px;}\r\n .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }\r\n @media screen and (max-width: 639px) {\r\n pre { width: 440px; overflow: auto; white-space: pre-wrap; word-wrap: break-word; }\r\n }\r\n @media screen and (max-width: 479px) {\r\n pre { width: 280px; }\r\n }\r\n </style>\r\n </head>\r\n\r\n <body bgcolor=\"white\">\r\n\r\n <span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>\r\n\r\n <h2> <i>Runtime Error</i> </h2></span>\r\n\r\n <font face=\"Arial, Helvetica, Geneva, SunSans-Regular, sans-serif \">\r\n\r\n <b> Description: </b>An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.\r\n <br><br>\r\n\r\n <b>Details:</b> To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".<br><br>\r\n\r\n <table width=100% bgcolor=\"#ffffcc\">\r\n <tr>\r\n <td>\r\n <code><pre>\r\n\r\n<!-- Web.Config Configuration File -->\r\n\r\n<configuration>\r\n <system.web>\r\n <customErrors mode="Off"/>\r\n </system.web>\r\n</configuration></pre></code>\r\n\r\n </td>\r\n </tr>\r\n </table>\r\n\r\n <br>\r\n\r\n <b>Notes:</b> The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.<br><br>\r\n\r\n <table width=100% bgcolor=\"#ffffcc\">\r\n <tr>\r\n <td>\r\n <code><pre>\r\n\r\n<!-- Web.Config Configuration File -->\r\n\r\n<configuration>\r\n <system.web>\r\n <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>\r\n </system.web>\r\n</configuration></pre></code>\r\n\r\n </td>\r\n </tr>\r\n </table>\r\n\r\n <br>\r\n\r\n </body>\r\n</html>\r\n"
}
}
GaryBushey sent you a PM.