Forum Discussion
gbenga_crown (Copper Contributor), Jan 18, 2022
Details of connectors triggering alerts
Hey all! Hope you are doing well. I have a playbook that triggers and creates an incident ticket in a third-party incident management software.
I have been trying to figure out how to include the details of the connector from which the alert is triggered.
This is not presently featured in the Logic Apps, and if I were to raise a feature request, how do I go about it?
Thanks
gbenga_crown
1) The place to ask for enhancements is Microsoft Sentinel · Community (azure.com).
2) It may be a difficult request, since multiple connectors can feed a single table (think of all the data connectors that populate Syslog and CEF). I stopped counting the OOTB connectors that publish to CEF (16 when I stopped) and Syslog (5 when I stopped), so you can see what kind of an issue this could be.
With those aside, what you could do in the meantime is use a Watchlist to map the Analytics rule to the Connector, or the table to the connector, and query that as part of your Logic App.
- GaryBushey (Bronze Contributor)
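One way to implement the Watchlist mapping described above, as an added example that is not part of the original post: the query below assumes a Watchlist with alias `RuleToConnector` whose CSV has the columns `AnalyticsRuleName`, `ConnectorName` and `TableName`, and it enriches each scheduled-rule alert with the connector the rule was mapped to (hypothetical watchlist and column names).

```kql
// Added example (not from the original thread). Assumes a Watchlist uploaded
// with alias 'RuleToConnector' and columns:
//   AnalyticsRuleName,ConnectorName,TableName
//   Failed SSH logons,Syslog via AMA,Syslog
//   Palo Alto threat events,Common Event Format (CEF) via AMA,CommonSecurityLog
// The rows above are constructed sample data for illustration only.
let RuleToConnector =
    _GetWatchlist('RuleToConnector')
    | project AnalyticsRuleName, ConnectorName, TableName;
SecurityAlert
| where TimeGenerated > ago(1h)
// Scheduled analytics rules surface with this provider; for them AlertName
// is the analytics rule's display name, which is what the Watchlist keys on.
| where ProviderName == "ASI Scheduled Alerts"
| extend RuleName = AlertName
| join kind=leftouter RuleToConnector on $left.RuleName == $right.AnalyticsRuleName
// Rules that nobody has mapped yet are flagged rather than silently dropped,
// so the playbook can still open the ticket and the gap shows up in the output.
| extend ConnectorName = iff(isempty(ConnectorName), "UNMAPPED - add row to watchlist", ConnectorName),
         TableName     = iff(isempty(TableName), "unknown", TableName)
| project TimeGenerated, SystemAlertId, RuleName, AlertSeverity, ConnectorName, TableName
```

In the playbook, run this with the Azure Monitor Logs "Run query and list results" action and filter on the incident's `SystemAlertId` values, then pass `ConnectorName` and `TableName` into the ticket fields; when a new analytics rule is created, add its row to the Watchlist so it stops appearing as unmapped.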
- gbenga_crown (Copper Contributor): Thanks very much Gary