Forum Discussion
DGMalcolm
Nov 12, 2021 Iron Contributor
Simplest way to get email notifications for Analytics Rules
Taking over for a recent employee departure and totally new to the Azure Sentinel space. A couple years of Azure experience so I can get around. I see that the previous admin enabled a bunch of a...
m_zorich
Nov 13, 2021 Iron Contributor
The easiest way would be to create a small playbook that generates and sends an email on incident/alert generation. There is an example here - https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Send-email-with-formatted-incident-report (I haven't used it personally but there are a heap of examples around).
Then in your analytics rule create an automation rule that triggers the playbook on alert generation.
- Ciyaresh Jan 29, 2024 Brass Contributor
m_zorich Do you have this playbook by any chance? I had an edited version of this one myself where I added another row to show entities, but deleted the whole playbook by mistake when I deleted the resource group. Now I can't find the original version of this playbook anymore.
- DGMalcolm Jan 31, 2024 Iron Contributor
You should be able to find that playbook in "Sentinel SOAR Essentials" in the Content Hub.
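The automation rule step from the accepted answer, sketched as the body of a `Microsoft.SecurityInsights/automationRules` resource. This is an added example, not part of any post in the thread; it assumes an incident-triggered playbook, and every value in angle brackets (IDs, resource group, playbook name) is a placeholder to substitute.

```json
{
  "properties": {
    "displayName": "Email SOC on new incident (example)",
    "order": 1,
    "triggeringLogic": {
      "isEnabled": true,
      "triggersOn": "Incidents",
      "triggersWhen": "Created",
      "conditions": [
        {
          "conditionType": "Property",
          "conditionProperties": {
            "propertyName": "IncidentRelatedAnalyticRuleIds",
            "operator": "Contains",
            "propertyValues": [
              "/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/<RESOURCE-GROUP>/providers/Microsoft.OperationalInsights/workspaces/<WORKSPACE-NAME>/providers/Microsoft.SecurityInsights/alertRules/<ANALYTICS-RULE-GUID>"
            ]
          }
        }
      ]
    },
    "actions": [
      {
        "order": 1,
        "actionType": "RunPlaybook",
        "actionConfiguration": {
          "logicAppResourceId": "/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/<PLAYBOOK-RESOURCE-GROUP>/providers/Microsoft.Logic/workflows/<PLAYBOOK-NAME>",
          "tenantId": "<TENANT-ID>"
        }
      }
    ]
  }
}
```

The rule only runs the playbook if Microsoft Sentinel has been granted the Microsoft Sentinel Automation Contributor role on the playbook's resource group. Dropping the `conditions` entry makes the rule fire for incidents from every analytics rule in the workspace.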