Forum Discussion
Smittydude8822
Jul 26, 2022 | Copper Contributor
Email into Incident
Hello All, I am trying to build a logic app that will give me the ability to turn an email into an incident to be triaged via automation. Obviously this can be done manually, but looking to autom...
Clive_Watson
Aug 01, 2022 | Bronze Contributor
You can use a Playbook (Logic App) to call the create Incident API from an email trigger, using the HTTP connector:
https://docs.microsoft.com/en-us/rest/api/securityinsights/stable/incidents/create-or-update?tabs=HTTP
and
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/understanding-api-connections-for-your-microsoft-sentinel/ba-p/2593973#:~:text=Microsoft%20Sentinel%20The%20Microsoft%20Sentinel%20connector%20can%20be,to%20get%20incidents%2C%20update%20incidents%2C%20update%20watchlists%2C%20etc.
- Smittydude8822 | Aug 01, 2022 | Copper Contributor
Thank you for this! I will take a look to see if this will work for our organization.
Thank you again for your direction.
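
Added example, not part of the thread and not Microsoft's or any poster's code: a Python sketch of the request a playbook's HTTP action would send to the Incidents create-or-update endpoint linked above, built from an incoming email that is treated as untrusted input. The function name, sender allowlist, title cap, `api-version` value and placeholder Azure identifiers are assumptions; confirm the `api-version` against the linked reference.

```python
import json
import uuid
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the thread): api-version value, allowlist, title cap.
API_VERSION = "2023-02-01"
ALLOWED_SENDERS = {"soc-reports@example.com"}
SEVERITIES = {"High", "Medium", "Low", "Informational"}
MAX_TITLE = 256  # arbitrary cap chosen for this example


def build_incident_request(raw_email, subscription, resource_group, workspace,
                           severity="Medium"):
    """Return (method, url, json_body) for the create-or-update call,
    or None when the sender is not on the allowlist."""
    if severity not in SEVERITIES:
        raise ValueError(f"unsupported severity: {severity}")
    msg = message_from_string(raw_email)
    # From is spoofable: pair this check with the mailbox's SPF/DKIM/DMARC
    # verdict before trusting it in production.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in ALLOWED_SENDERS:
        return None  # unknown senders must not be able to open incidents
    # The subject is sender-controlled text: drop control characters, cap length.
    subject = "".join(c for c in msg.get("Subject", "") if c.isprintable())
    title = (subject.strip() or "(no subject)")[:MAX_TITLE]
    # Derive the incident name from Message-ID so a retried or re-delivered
    # email updates the same incident instead of creating a duplicate.
    incident_id = uuid.uuid5(uuid.NAMESPACE_URL, msg.get("Message-ID", title))
    url = (f"https://management.azure.com/subscriptions/{subscription}"
           f"/resourceGroups/{resource_group}"
           f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
           f"/providers/Microsoft.SecurityInsights/incidents/{incident_id}"
           f"?api-version={API_VERSION}")
    body = {"properties": {"title": title, "severity": severity,
                           "status": "New",
                           "description": f"Created from email sent by {sender}"}}
    return "PUT", url, json.dumps(body)


# Constructed sample message, not taken from the thread.
SAMPLE = ("From: SOC Reports <soc-reports@example.com>\n"
          "Subject: Suspicious sign-in\x07 reported by user\n"
          "Message-ID: <constructed-0001@example.com>\n\n"
          "Body text\n")

if __name__ == "__main__":
    print(build_incident_request(SAMPLE, "<subscription-id>",
                                 "<resource-group>", "<workspace>"))
```

In a Logic App the same method, URL and body go into the HTTP action, authenticated with an identity that holds only the permissions needed to write incidents in that workspace.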