Forum Discussion
NastyNoah03
Nov 20, 2023 · Copper Contributor
Help me add a column from sentinel logs into Analytic rule alert.
Hello all, I created an analytic rule that I want to pull data from and push into an automated email alert. I already have a playbook where it automatically sends an email alert to me w...
Clive_Watson
Nov 21, 2023 · Bronze Contributor
Hi, is the data field an entity you wish to use? This article is a great primer on how to do that. https://techcommunity.microsoft.com/t5/microsoft-sentinel/parsing-entities-from-azure-sentinel-incident-into-logic-apps/m-p/2614388
and
https://learn.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC%2Cincidents
and
https://learn.microsoft.com/en-us/azure/sentinel/tutorial-enrich-ip-information
You also have the option to do a Logs Query in the Logic App in a separate step to extract any other data you might need.
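As an added example (not code from the original post or from Microsoft's documentation), here is the two-query pattern the reply describes: the analytic rule query keeps the log column in its output so it can be mapped to an entity, and the playbook's separate Logs Query step (the Azure Monitor Logs connector's "Run query and list results" action) pulls any further columns keyed on the entity parsed from the incident. The table (SigninLogs is a real Sentinel table), the thresholds, the time windows and the `@{...}` Logic App expression that injects the account name are all assumptions for illustration.

```kql
// --- Part 1: analytic rule query (constructed example) ---
// Keep the column you want in the alert (here IPAddress and FailedCount) in the final
// projection; then map UserPrincipalName to the Account entity and IPAddress to the IP
// entity in the rule's entity mapping so the playbook can read them from the incident.
SigninLogs
| where TimeGenerated > ago(1h)
| where ResultType != "0"          // assumption: "0" is success, anything else is a failure
| summarize FailedCount = count(), Apps = make_set(AppDisplayName)
    by UserPrincipalName, IPAddress
| where FailedCount >= 10           // assumed threshold
| project UserPrincipalName, IPAddress, FailedCount, Apps

// --- Part 2: Logs Query step inside the playbook (constructed example) ---
// Runs in the Logic App's "Run query and list results" action after the incident's
// account entities have been parsed. The @{...} expression is a placeholder for the
// Logic App dynamic content that holds the parsed account's UPN (assumption: your
// playbook exposes it under that name); the result rows can then be rendered into
// the email body.
SigninLogs
| where TimeGenerated > ago(24h)
| where UserPrincipalName == "@{variables('AccountUPN')}"
| project TimeGenerated, IPAddress, Location, AppDisplayName, ResultDescription
| order by TimeGenerated desc
| take 20
```

The two parts are separate queries: the first is pasted into the analytic rule, the second into the Logs Query action of the playbook. Keeping the extra column in the rule's final `project` is what makes it available for entity mapping; columns dropped before that point never reach the alert.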