Oct 09 2019
I am trying to create a simple playbook that whenever an ASC alert pops, it will send an email message.
In the designer, the flow looks like this:
1. When an Azure Security Center alert is created
2. Send an email (configured with the desired options).
The playbook is saved and shows as enabled, alerts are happening in ASC, yet no mails.
There is no frequency to the playbook showing, not sure if there should be.
The number of attempted runs is 0.
Why is the playbook not running?
Does the subscription and RG where the playbook was created matter in any way?
I feel like I'm missing something obvious but can't find it.
Thank for the assistance.
Oct 10 2019
@GabrielNecula Are you sending the alerts into Sentinel from ASC? If not, you would probably be better off posting this to the Azure Security Center group.