Forum Discussion
szkoszegi666 (Copper Contributor)
Jul 28, 2022
Create ServiceNow tickets only for incidents above Medium Severity
Hi there -
I deployed the following Logic App to open ServiceNow tickets for Sentinel incidents and it works fine.
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Create-SNOW-record
However, there are many Informational and Low Severity Sentinel Incidents which we don't want to send to ServiceNow - does anyone know how to modify the Logic App to meet this requirement?
Thanks,
Szabi
- SteTanuki (Copper Contributor): I realise this is super old now, but just in case anyone stumbles across this.
The way to resolve this would be to set the criteria at the automation rule level in Sentinel.
Trigger on all incidents where severity == Medium or severity == High.
This way the playbook will only run when the incident hits those criteria in advance.
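The automation-rule approach from the reply above, written out as the properties of a `Microsoft.SecurityInsights/automationRules` resource. This is an added example, not part of the original posts or of the Create-SNOW-record playbook; the display name, the `Created` trigger, and every value in angle brackets are assumed placeholders to replace with your own.

```json
{
  "properties": {
    "displayName": "Send Medium and High incidents to ServiceNow",
    "order": 1,
    "triggeringLogic": {
      "isEnabled": true,
      "triggersOn": "Incidents",
      "triggersWhen": "Created",
      "conditions": [
        {
          "conditionType": "Property",
          "conditionProperties": {
            "propertyName": "IncidentSeverity",
            "operator": "Equals",
            "propertyValues": ["Medium", "High"]
          }
        }
      ]
    },
    "actions": [
      {
        "order": 1,
        "actionType": "RunPlaybook",
        "actionConfiguration": {
          "tenantId": "<tenant-id-placeholder>",
          "logicAppResourceId": "/subscriptions/<subscription-id-placeholder>/resourceGroups/<resource-group-placeholder>/providers/Microsoft.Logic/workflows/<playbook-name-placeholder>"
        }
      }
    ]
  }
}
```

Multiple entries in `propertyValues` are matched as alternatives, so the rule fires for Medium or High and the Logic App itself needs no severity check.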