May 10 2024 06:23 AM - edited Jun 12 2024 08:58 AM
I'm endeavoring to manage incident responses in Sentinel using Logic Apps. However, I'm encountering a challenge: my COMPOSE action involves multiple JSON objects. One JSON contains information about the initiating user, the next about the affected user, and so forth. The issue arises when I attempt to send an email related to the incident, as the Logic App triggers multiple emails—one for each JSON object.
My goal is to consolidate this information into a single email, providing a comprehensive overview of the incident. For instance:
"Hello, [initiating user from JSON1],
Sentinel has detected an alarm due to your recent activity involving multiple users: [affected user 1 from JSON2], [affected user 2 from JSON 3], and [affected user 3 FROM JSON4].
May 17 2024 01:27 AM
May 27 2024 05:46 PM
Jun 12 2024 08:50 AM