Forum Discussion
AutomationMan
Aug 18, 2020, Copper Contributor
Writing rules for legacy server feeds
Hi, I'm new to Sentinel with my only real experience being the MS Sentinel Ninja training. I have a list of events from an existing SIEM that I need to replicate in Sentinel using data coming from...
- Aug 24, 2020
Hi
For the schedules, I would do it another way.
You could write a script which runs a query for you and then shoots an email.
That is probably the preferred way as you are looking for reporting, not alerting.
For emails, it's true Logic Apps is the only way. For something as simple as email, I agree that it's a bit of a hassle to go through.
Uploading TIs is also possible through the API, which might be easier for a few quick tests.
Thijs Lecomte
Aug 25, 2020, Bronze Contributor
Have fun on your journey 😉
Check out this blog for more info btw:
https://secureinfra.blog/2020/08/04/azure-sentinel-sending-an-email-each-morning-with-the-list-of-daily-incidents-created/
AutomationMan
Aug 25, 2020, Copper Contributor
Thijs Lecomte Thanks for that! It's that sort of example stuff that's helpful to see how or better ways to do things when you are new to the language.
Cheers