Forum Discussion
Solved
Simplest way to get email notifications for Analytics Rules
Taking over for a recent employee departure and totally new to the Azure Sentinel space. A couple years of Azure experience so I can get around.
I see that the previous admin enabled a bunch of analytics rules and I want to get notifications for some of them. For instance, 'Azure VM Deletion' is something I'd like an email about. I don't see anything in the rule to enable alert notifications. Thoughts?
TIA
~DGM~
- The easiest way would be to create a small playbook that generates and sends an email on incident/alert generation. There is an example here - https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Send-email-with-formatted-incident-report (I haven't used it personally but there are a heap of examples around).
Then in your analytics rule create an automation rule that triggers the playbook on alert generation.
4 Replies
- Great, thank you. This looks entirely doable - even by a rookie like me.
- The easiest way would be to create a small playbook that generates and sends an email on incident/alert generation. There is an example here - https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Send-email-with-formatted-incident-report (I haven't used it personally but there are a heap of examples around).
Then in your analytics rule create an automation rule that triggers the playbook on alert generation.- You should be able to find that playbook in "Sentinel SOAR Essentials" in the Content Hub.
