Forum Discussion

szkoszegi666
Copper Contributor
Jul 28, 2022

Create Servicenow tickets only for incidents above Medium Severity

Hi there - 


I deployed the following Logic App to open Servicenow tickets for Sentinel incidents and it works fine.

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Create-SNOW-record


However, there are many Informational and Low Severity Sentinel Incidents which we don't want to send to Servicenow - does anyone know how to modify the Logic App to meet this requirement?


Thanks,

Szabi 

  • SteTanuki
    Copper Contributor
    I realise this is super old now but just in case anyone stumbles across this.

    The way to resolve this would be to set the criteria at the automation rule level in Sentinel.

    Trigger on all incidents where severity == Medium or severity == High

    This way the playbook will only run when the incident hits those criteria in advance
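As an added illustration of the automation-rule approach described above (not from the original thread or the Azure-Sentinel repository), this is an ARM resource for an automation rule that runs the Create-SNOW-record playbook only when a newly created incident has severity Medium or High; the subscription, resource group, workspace, workflow name and tenant ID are placeholders, and the API version is the one assumed here.

```json
{
  "type": "Microsoft.SecurityInsights/automationRules",
  "apiVersion": "2023-02-01",
  "name": "snow-ticket-medium-and-above",
  "scope": "Microsoft.OperationalInsights/workspaces/<WORKSPACE-NAME>",
  "properties": {
    "displayName": "Create ServiceNow ticket for Medium/High incidents",
    "order": 1,
    "triggeringLogic": {
      "isEnabled": true,
      "triggersOn": "Incidents",
      "triggersWhen": "Created",
      "conditions": [
        {
          "conditionType": "Property",
          "conditionProperties": {
            "propertyName": "IncidentSeverity",
            "operator": "Equals",
            "propertyValues": ["Medium", "High"]
          }
        }
      ]
    },
    "actions": [
      {
        "order": 1,
        "actionType": "RunPlaybook",
        "actionConfiguration": {
          "logicAppResourceId": "/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/<RESOURCE-GROUP>/providers/Microsoft.Logic/workflows/<PLAYBOOK-NAME>",
          "tenantId": "<TENANT-ID>"
        }
      }
    ]
  }
}
```

Listing several values under one `Equals` condition matches any of them, so Informational and Low incidents never trigger the playbook; the Sentinel service identity still needs the Logic App Contributor role on the playbook's resource group for the RunPlaybook action to succeed.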
