jainshamu
Aug 05, 2021Copper Contributor
Parsing Entities from Azure Sentinel incident into Logic Apps for sending email
Hello,
We are trying to automate first level response for our Azure Sentinel Incidents, These Incidents have Custom Entities and we need to pass these Entities to Azure logic Apps so that this Entity details can be sent over an email to the End user using Logic App Connector "Send Approval Email".
This is how my Logic App looks in designer mode
Below is what we have configured in Send approval email step
None of these captures the Custom Entities that we have defined in our alert like EventID or TimeGenerated.
So 2 things that I can use some help with:
- How to capture Custom Entities ?
- how to parse Entities and Custom Entities for more readable format for end users who will receive this emails