Mar 16 2021 10:47 AM
I would like to set-up the following:
1) Email alerts any time a new incident is auto generated "Create incidents based on all alerts generated." template.
I've tried using the "When a response to an Azure Sentinel alert is triggered" step in Logic App, and it would work if I got to the incident and click "Run Playbook". However, when new incidents pop up, the playbook isn't triggered. Is there something I am missing?
Mar 16 2021 11:11 AM
Mar 16 2021 11:27 AM
As @TeachJing mentions, the Analytics Rule must be modified to include the Playbook on the Automated Response tab (shown below).
Apr 01 2021 02:19 AM