AdiGrio
Jan 03, 2020 (Brass Contributor)
Sentinel alerts stopped running playbooks
I have at least four instances of Sentinel where the alerts create the incidents but don't run the associated playbooks. This seemed to have started somewhere around Dec 30th. There are no failed run...
AdiGrio
Jan 03, 2020 (Brass Contributor)
leoszalkowski I've seen your post and the problem looks quite similar.
The playbook would not work if one triggers the "Sentinel Alert" manually because it is missing the data from the alert itself. For this reason, when used from the Incident details interface, the playbook works because it is receiving the alert details.
I don't think this is a problem with the playbooks, as they are not showing failed runs. Most likely it is an issue with the Azure Sentinel Logic App trigger (that's still in Preview mode). I will create a new playbook from scratch and see if it makes any difference.
leoszalkowski
Jan 03, 2020 (Brass Contributor)
AdiGrio You're probably right. That's probably why the raw output of the trigger block isn't populating properly.