Forum Discussion
mleung
Mar 16, 2021 | Copper Contributor
E-mail Alert Upon Creation of New Incident
I would like to set up the following: 1) Email alerts any time a new incident is auto-generated "Create incidents based on all alerts generated." template. I've tried using the "When a response...
PJR_CDF
Apr 01, 2021 | Iron Contributor
This scenario has now been made considerably easier with the use of Automation Rules.
https://docs.microsoft.com/en-us/azure/sentinel/automate-incident-handling-with-automation-rules
No longer do you have to set the automation action on every analytic rule, but you can now also get email notifications for incidents generated by all rule types (Fusion, Microsoft Security and ML Behaviour Analytics).
Just remember you will have to amend the playbook trigger to "When Azure Sentinel incident creation rule was triggered".
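For reference, the approach in the reply above can be written as an ARM template: one automation rule that runs an e-mail playbook for every newly created incident. This is an added example, not part of the original thread. The parameter names `workspaceName` and `playbookResourceId`, the display name and the `guid()` seed are assumptions, and the playbook is assumed to already use the incident trigger.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspaceName": { "type": "string" },
    "playbookResourceId": { "type": "string" }
  },
  "resources": [
    {
      "type": "Microsoft.SecurityInsights/automationRules",
      "apiVersion": "2023-02-01",
      "scope": "[format('Microsoft.OperationalInsights/workspaces/{0}', parameters('workspaceName'))]",
      "name": "[guid(resourceGroup().id, 'email-on-new-incident')]",
      "properties": {
        "displayName": "Email on every new incident",
        "order": 1,
        "triggeringLogic": {
          "isEnabled": true,
          "triggersOn": "Incidents",
          "triggersWhen": "Created",
          "conditions": []
        },
        "actions": [
          {
            "order": 1,
            "actionType": "RunPlaybook",
            "actionConfiguration": {
              "logicAppResourceId": "[parameters('playbookResourceId')]",
              "tenantId": "[subscription().tenantId]"
            }
          }
        ]
      }
    }
  ]
}
```

The empty `conditions` array means the rule is not limited to specific analytics rules, so it fires for incidents from every rule type. The rule can only run the playbook if Sentinel has been granted permission on the resource group that contains it.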