Forum Discussion
Microsoft Sentinel and EDR API Integration
Hi all,
We're looking at a way to make life easier by automating the closure of EDR alerts from Sentinel. Using Logic Apps or another method, is it possible to close an 'Incident' in Sentinel, which then triggers an API request towards the EDR?
Thanks,
Tom
Create a Automation rule to do both steps, also select which Analytics this applies to:
1. Close - using Change Status Action
2. Then Run a Playbook (Logic app) to handle the REST api- Hi Clive,
Thanks for your input! I'll give it a go and see if we can develop something. Be cool to see how much our teams can do with Sentinel 🙂
Thanks,
Tom
