Forum Discussion
Saif_Rahman
Jan 10, 2021 - Copper Contributor
Notification of Incident Assignment
Two Questions: 1. When you assign a ticket to an individual from the Sentinel Incidents, are there any inbuilt notification features, or do most people do this through Playbooks? 2. Is there ...
JKatzmandu
Jan 11, 2021 - Brass Contributor
The easiest way to do this is to set up a Logic App that runs on a schedule (every few minutes) and runs a query against the SecurityIncident table; have it look for a "recently modified" timestamp and new assignment; the result can then be e-mailed.
The "Incident" tooling itself is fairly minimal but seems to be growing as a workflow. I'm a big fan of tailoring workflows for the business and what makes the most sense for the SOC/analysts working the incident.
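A query of the kind the reply describes, as an added example that is not part of the original post: it reads the SecurityIncident table, where each incident update is written as a new row, and returns incidents whose owner changed since the last scheduled run. The 5-minute run interval and 1-day history window are assumed values.

```kusto
// Added example, not from the original thread.
// Assumption: the Logic App recurrence is 5 minutes; keep runInterval in step with it.
let runInterval = 5m;
// Assumption: 1 day of history is enough to find the previous owner of an incident.
// If the previous row is older than this, an unchanged owner is reported as new.
let history = 1d;
SecurityIncident
| where TimeGenerated > ago(history)
// Owner is a dynamic column; pull out the fields needed for the e-mail.
| extend OwnerUpn   = tostring(Owner.userPrincipalName),
         OwnerName  = tostring(Owner.assignedTo),
         OwnerEmail = tostring(Owner.email)
// Order each incident's rows oldest to newest so prev() sees the prior state.
| sort by IncidentName asc, TimeGenerated asc
| extend PrevOwnerUpn = iff(prev(IncidentName) == IncidentName, prev(OwnerUpn), "")
// Keep only rows written since the last run ...
| where TimeGenerated > ago(runInterval)
// ... where an owner is set and differs from the previous row's owner.
| where isnotempty(OwnerUpn) and OwnerUpn != PrevOwnerUpn
// One result per incident: the latest assignment in the window.
| summarize arg_max(TimeGenerated, *) by IncidentName
| project TimeGenerated, LastModifiedTime, IncidentNumber, Title, Severity, Status,
          OwnerName, OwnerEmail, OwnerUpn, PrevOwnerUpn, IncidentUrl
```

Each returned row carries the new owner's e-mail address and the incident URL, which is what the mail step of the Logic App needs.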