Forum Discussion

Hogank's avatar
Hogank
Copper Contributor
Mar 11, 2021

Alert - Get incident Error when attempting to Auto Remediate Cloud App Security Alerts

Following the creation of a LogicApp to auto remediate Cloud App Security alerts, I receive the following error for the Alert - Get incident:  {     "statusCode": 404,     "headers": {        ...
Thijs Lecomte's avatar
Thijs Lecomte
Bronze Contributor
Hi

Could you share what you are providing as input in the Get Incident step?

Just double checking: There is an incident for this alert (viewable from the GUI?)
Hogank's avatar
Hogank
Copper Contributor
Mar 24, 2021
Anything?
  • Thijs Lecomte's avatar
    Thijs Lecomte
    Bronze Contributor
    Mar 25, 2021
    Can you share the details of that step.
    This is my code for my Get-Incident
    "Alert_-_Get_incident": {
    "inputs": {
    "host": {
    "connection": {
    "name": "@parameters('$connections')['azuresentinel']['connectionId']"
    }
    },
    "method": "get",
    "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}"
    },
    "runAfter": {},
    "type": "ApiConnection"
    },


    I don't think you are passing the right parameters within your Get-Incident action

Resources