Send email or Teams message when incident has not been solved within SLA

Highlighted
New Contributor

Hi,

I was curious as to if there is a solution to automatically send a message to Teams or to a specific mailbox if an incident has not been solved, or if it's not been assigned within a specific time limit. I'm setting up Sentinel for a customer, and they would like this functionality to track the incident management and follow up on SLA's. 

I was thinking about setting up a playbook to run once a day to check when an incident was generated and if it was generated over x hours ago, send an email to Teams. Is it possible to get the time-generated from the API-integration with Sentinel, or is there a better way of solving this?

2 Replies
Highlighted
It would be possible to do this through a Logic App and query all the latest alert (can be done through the security graph https://docs.microsoft.com/en-us/graph/api/alert-list?view=graph-rest-1.0&tabs=http and there you can filter on time created)

But I would advise to just push the alerts to their ticketing system as they will return into limitations this way
Highlighted

@Nexxic

 

A feature that will have incident data *and updates* available in the worksapce is expected shortly. This would allow you to write a rule to do just what you need.


~ Ofer