Forum Discussion
Smittydude8822 (Copper Contributor)
Jul 26, 2022
Email into Incident
Hello All,
I am trying to build a logic app that will give me the ability to turn an email into an incident to be triaged via automation. Obviously this can be done manually, but I am looking to automate as much as possible, as well as save the evidence in the incident.
Any thoughts on how this could be achieved?
Thanks in advance for any help you can provide.
2 Replies
- Clive_Watson (Bronze Contributor)
You can use a Playbook (Logic App) to call the create Incident API from an email trigger, using the HTTP connector
https://docs.microsoft.com/en-us/rest/api/securityinsights/stable/incidents/create-or-update?tabs=HTTP
and
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/understanding-api-connections-for-your-microsoft-sentinel/ba-p/2593973#:~:text=Microsoft%20Sentinel%20The%20Microsoft%20Sentinel%20connector%20can%20be,to%20get%20incidents%2C%20update%20incidents%2C%20update%20watchlists%2C%20etc.
- Smittydude8822 (Copper Contributor)
Thank you for this! I will take a look to see if this will work for our organization.
Thank you again for your direction.
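
An added example, not part of the thread or of any poster's code: the request that the HTTP action in Clive_Watson's reply would send to the Incidents create-or-update API, built from a raw email. The `api-version` value, the resource names, the length caps and the sample email are assumptions made for this example; check the linked REST reference for the values that apply to your workspace.

```python
import uuid
from email import message_from_string
from email.policy import default

API_VERSION = "2023-02-01"  # assumption: confirm against the linked REST reference
ARM = "https://management.azure.com"
SEVERITIES = {"High", "Medium", "Low", "Informational"}

# Constructed sample input, not a real message.
SAMPLE_EMAIL = (
    "From: user@example.com\nTo: soc@example.com\n"
    "Subject: Suspicious invoice\nMessage-ID: <abc123@example.com>\n"
    "Date: Tue, 26 Jul 2022 10:00:00 +0000\n\n"
    "Please review the attached invoice.\n"
)

def incident_request(raw_email, subscription_id, resource_group, workspace,
                     severity="Medium"):
    """Return (method, url, body) for the create-or-update call; sends nothing."""
    if severity not in SEVERITIES:
        raise ValueError(f"unsupported severity: {severity}")
    msg = message_from_string(raw_email, policy=default)
    message_id = (msg["Message-ID"] or "").strip()
    if not message_id:
        raise ValueError("email has no Message-ID; cannot derive a stable incident id")
    # Deterministic id: because the call is a PUT (create or update), processing
    # the same email twice updates one incident instead of creating a duplicate.
    incident_id = str(uuid.uuid5(uuid.NAMESPACE_URL, message_id))
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part else ""
    # Keep sender, date and Message-ID with the body so the evidence stays in
    # the incident. The 5000/256 caps are conservative choices for this example.
    description = (f"From: {msg['From']}\nDate: {msg['Date']}\n"
                   f"Message-ID: {message_id}\n\n{text}")[:5000]
    url = (f"{ARM}/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
           f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
           f"/providers/Microsoft.SecurityInsights/incidents/{incident_id}"
           f"?api-version={API_VERSION}")
    body = {"properties": {
        "title": f"Reported email: {msg['Subject'] or '(no subject)'}"[:256],
        "description": description,
        "severity": severity,
        "status": "New",
    }}
    return "PUT", url, body
```

In a Logic App, the returned URL and body map onto the HTTP action's URI and Body fields, with the trigger's email fields supplying the values.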