details of connectors triggering alerts

Hey all! Hope you are doing well. I have a playbook that triggers creates incident ticket to a third party incident management software. I have been trying to figure out how to include the details o...

GaryBushey
Jan 18, 2022
gbenga_crown 1) The place to ask for enhancements is Microsoft Sentinel · Community (azure.com)
2) It may be a difficult request since multiple connectors can feed to a single table (think of all the data connectors that populate Syslog and CEF. I stopped counting the OOTB connectors that publish to CEF (16 when I stopped) and Syslog (5 when I stopped) so you can see what kind of an issue this could be.

With those aside, what you could do in the meantime is use a Watchlist to do a mapping of the Analytics rule to the Connector or the table to the connector and query that as part of your Logic App.

GaryBushey

Bronze Contributor

Jan 18, 2022

gbenga_crown 1) The place to ask for enhancements is Microsoft Sentinel · Community (azure.com)

2) It may be a difficult request since multiple connectors can feed to a single table (think of all the data connectors that populate Syslog and CEF. I stopped counting the OOTB connectors that publish to CEF (16 when I stopped) and Syslog (5 when I stopped) so you can see what kind of an issue this could be.

With those aside, what you could do in the meantime is use a Watchlist to do a mapping of the Analytics rule to the Connector or the table to the connector and query that as part of your Logic App.

gbenga_crown
Copper Contributor
Jan 18, 2022
Thanks very much GaryA

Forum Discussion

details of connectors triggering alerts

Resources