Trigger a Playbook on Sentinel Alert

bornagainshell
Occasional Contributor

Hello,

I need to trigger a playbook to notify some contacts via email once a Sentinel alert has a match.

What I've tried so far:

- I've created an alert rule that shows a few matches in the Analytics tab, and corresponding cases were opened automatically.

- I've also used Logic App designer to create a playbook with "When a response to an Azure Sentinel alert is triggered" as a trigger and "Send email" as an action. No email was ever received; actually, the playbook was never triggered.

 

So how can I get Sentinel to notify via email once an alert is raised?

Thanks.

4 Replies

Also, is there an ETA for this response automation (triggered playbooks) shown in the screenshot?

 


[Screenshot: coming soon.PNG]

Thanks.

@bornagainshell this should be available in preview in the next couple weeks. @Koby Koren 

@Shalini Pasupneti Has this preview been released yet?

@bornagainshell did you manage to get this working? I'm still unable to get playbooks to run automatically when a Sentinel alert is generated.

 

Thanks
