cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure Sentinel - Scheduled Search

Yasta190
Copper Contributor

‎Jan 19 2021 02:39 AM - last edited on ‎Apr 08 2022 10:42 AM by

‎Jan 19 2021 02:39 AM - last edited on ‎Apr 08 2022 10:42 AM by

Azure Sentinel - Scheduled Search

Hi everyone,

 

I need to create a report on Azure Sentinel that will send its results to selected group of email addresses, once a week.

 

Does anyone knows how can I achieve that, and if it is even optional?

 

** Analytics rule is not an option, as it creates an incident. 

 

Thanks ! 

Labels:
1,028 Views
0 Likes
1 Reply
Reply
1 Reply
CliveWatson

‎Jan 19 2021 07:01 AM

‎Jan 19 2021 07:01 AM

Re: Azure Sentinel - Scheduled Search

@Yasta190 

 

1. Create an Azure Monitor Alerts rule, send to an Action group that has the emails required.

or

2. Create a Logic App (Azure Sentinel Playbook); define a 'recurrence" trigger, and run the KQL, and email.  Also note, the Rule can trigger a Playbook that sends the email each time the Incident fires (use the Sentinel trigger rather than 'recurrence')

 

 

Screenshot 2021-01-19 145902.jpg

0 Likes
Reply