Forum Discussion
Singanna
Aug 09, 2021, Copper Contributor
Custom Alerts output in Logic App
Hello, I have created a custom alert to notify when there is a user added or deleted to Active Directories. This query lists the few values which I would like to use in Logic App to trigg...
GaryBushey
Aug 09, 2021, Bronze Contributor
Singanna When you create your Logic App, use either the Azure Sentinel Alert or the Azure Sentinel Incident triggers. Either one of these will populate a series of values that you can then use in the rest of your Logic App and will allow you to use the Logic App (called a Playbook inside of Azure Sentinel) with Azure Sentinel.
If you use the Azure Sentinel Alert trigger you would then need to modify your Analytic rule and add the new Playbook to it but you could also trigger the Playbook manually.
If you use the Incident trigger, you can create an Automation rule so that multiple Analytic rules can use it but you cannot trigger the Playbook manually.
- Singanna, Aug 09, 2021, Copper Contributor
Thanks GaryA for the response. I have created the Logic App using the Sentinel Alert and configured it for the alert. But I need my Alert output in the Logic App so that the email will show the details of the user being added/removed from the group. I could not find the Logic App populating those values to add to my email. Please advise.
- GaryBushey, Aug 10, 2021, Bronze Contributor
What information is it you are looking for? When you click in the body of the Email, for example, you should be presented with a listing of dynamic content, some of which will come from the Alert trigger.
- Singanna, Aug 10, 2021, Copper Contributor
Hi GaryA
I have alert output like the Active Directory name and the user who is added/removed to the AD. I want to add these details to an email body and send it to the required parties. I want to trigger this email via Logic App. But I am not sure how the alert trigger data can be accessed via Logic App. Hope I am clear here.
Thanks
Raju