cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I need to send email to specific people when a particular incident is triggered in sentinel

deepak198486
Copper Contributor

‎May 07 2021 02:09 AM

‎May 07 2021 02:09 AM

I need to send email to specific people when a particular incident is triggered in sentinel

I have created a logic app where trigger is when a response to an Azure Sentinel alert is triggered.

Next step I have added  Send an email trigger. 

 

I have added the logic app to automated response of this particular incident.

Although incident is triggering but emails are not getting generated for notification.

 

What could be the possible reason for this?

1,382 Views
0 Likes
1 Reply
Reply
1 Reply
Gary Bushey

‎May 07 2021 04:46 AM

‎May 07 2021 04:46 AM

Re: I need to send email to specific people when a particular incident is triggered in sentinel

@deepak198486 This isn't really something we can answer with just that information since there could be a large number of reasons.   Any chance you can post at least an image of your workflow?

 

Also, you state that you are using the Alert trigger but assigning this to an incident.  Can you confirm that you are adding this to the Analytic rule and not through the Automation menu entry (which you shouldn't be able to do if you are using the Alert trigger).

 

Finally, if you are using the Alert trigger, you may want to think about rewriting it to use the Incident Trigger (unless you need to kick it off manually), as the Automation process is much easier than having to assign a playbook to individual Analytic rules.

1 Like
Reply