Yasta190
Jan 19, 2021

Azure Sentinel - Scheduled Search

Hi everyone,

 

I need to create a report on Azure Sentinel that will send its results to a selected group of email addresses, once a week.

Does anyone know how I can achieve that, and if it is even optional?

 

** Analytics rule is not an option, as it creates an incident. 

 

Thanks ! 

1 Reply

  • Yasta190 

     

    1. Create an Azure Monitor Alerts rule, send to an Action group that has the emails required.

    or

    2. Create a Logic App (Azure Sentinel Playbook); define a 'recurrence' trigger, and run the KQL, and email. Also note, the Rule can trigger a Playbook that sends the email each time the Incident fires (use the Sentinel trigger rather than 'recurrence').
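
Option 2 from the reply above, sketched as a Logic App workflow definition (an added example, not part of the original thread): a weekly recurrence trigger, a KQL query against the workspace, and an email carrying the results as an HTML table. The KQL, the recipient address, the schedule, the use of the Office 365 Outlook connector for mail, and the `<...>` placeholders are assumptions; the two API connections (`azuremonitorlogs`, `office365`) are assumed to exist already and to be supplied through `$connections`.

```json
{
  "definition": {
    "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
    "contentVersion": "1.0.0.0",
    "parameters": { "$connections": { "type": "Object", "defaultValue": {} } },
    "triggers": {
      "Recurrence": {
        "type": "Recurrence",
        "description": "Assumed schedule: every Monday 08:00 UTC",
        "recurrence": { "frequency": "Week", "interval": 1, "timeZone": "UTC",
                        "schedule": { "weekDays": ["Monday"], "hours": [8], "minutes": [0] } }
      }
    },
    "actions": {
      "Run_query_and_list_results": {
        "type": "ApiConnection",
        "description": "Example KQL (assumption); replace with the report's own query",
        "runAfter": {},
        "inputs": {
          "host": { "connection": { "name": "@parameters('$connections')['azuremonitorlogs']['connectionId']" } },
          "method": "post",
          "path": "/queryData",
          "queries": { "subscriptions": "<subscription-id>", "resourcegroups": "<resource-group>",
                       "resourcetype": "Log Analytics Workspace", "resourcename": "<workspace-name>",
                       "timerange": "Last 7 days" },
          "body": "SecurityIncident | where TimeGenerated > ago(7d) | summarize arg_max(TimeGenerated, *) by IncidentNumber | summarize Incidents = count() by Severity, Status"
        }
      },
      "Create_HTML_table": {
        "type": "Table",
        "runAfter": { "Run_query_and_list_results": ["Succeeded"] },
        "inputs": { "from": "@body('Run_query_and_list_results')?['value']", "format": "HTML" }
      },
      "Send_an_email_(V2)": {
        "type": "ApiConnection",
        "description": "Recipient is a constructed placeholder address",
        "runAfter": { "Create_HTML_table": ["Succeeded"] },
        "inputs": {
          "host": { "connection": { "name": "@parameters('$connections')['office365']['connectionId']" } },
          "method": "post",
          "path": "/v2/Mail",
          "body": { "To": "secops-reports@example.com", "Subject": "Weekly Sentinel report",
                    "Body": "<p>Incidents in the last 7 days, by severity and status:</p>@{body('Create_HTML_table')}" }
        }
      }
    },
    "outputs": {}
  }
}
```

Because the query runs from a recurrence trigger rather than an analytics rule, no incident is created; the identity behind the `azuremonitorlogs` connection only needs read access to the workspace.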

     

     
