Forum Discussion
Azure Sentinel Playbook Errors
Lately we've been having an increasingly number of issues in which our Logic Apps are failing to process resulting in the tickets (this is a SNOW connected Logic App) not being created for said alert...
Any reason why this hasn't been answered?
I have same issue
"message": "The response is not in a JSON format.",
"innerError": "Failed to run playbook - no incident found with the properties you provided"
I added in a delay before the get-alert get-incident action as suggested in another similar post.
Can anyone help?
The playbook I am using is the BlockADOnPremUser playbook.
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/automatically-disable-on-prem-ad-user-using-a-playbook-triggered/ba-p/2098272
I have same issue
"message": "The response is not in a JSON format.",
"innerError": "Failed to run playbook - no incident found with the properties you provided"
I added in a delay before the get-alert get-incident action as suggested in another similar post.
Can anyone help?
The playbook I am using is the BlockADOnPremUser playbook.
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/automatically-disable-on-prem-ad-user-using-a-playbook-triggered/ba-p/2098272
Switch your trigger from the Microsoft Sentinel alert trigger to the Microsoft Sentinel incident trigger. It will not fire until the incident is created and all the incident information (or at least most of it) will already be loaded.