Forum Discussion
Solved
Include Additional Entities Detail in Email
Hey all, I am relatively new to Sentinel and I've run across a situation I can't seem to resolve. I've enabled the "SentinelIncident" automation rule and I've configured it to run the 'Send-ema...
- Two options:
1. You can amend the Playbook to run a new KQL query to do the UPN lookup and geo lookup https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/geo-info-from-ip-address-function
2. You can disable the atypical travel alert with an Automation Rule, then write run your own version of Atypical travel with all the enrichments you need and call the playbook from that
There are loads of resources on Learn (which I think you've seen) especially in the reference section: https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-overview
Pluralsight and Udemy (and others) have courses, but I've not done them so dont have a recommendation.
Module 9 of https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-ninja-the-complete-level-400/ba-p/1246310 will also help - with a video
Pluralsight and Udemy (and others) have courses, but I've not done them so dont have a recommendation.
Module 9 of https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-ninja-the-complete-level-400/ba-p/1246310 will also help - with a video
Once again, thank you for the help. I'll dig around in this and see if there are some answers.
TY
~dgm~