@Smittydude8822 

The KQL needed would be something based on this

SecurityIncident
| summarize arg_max(TimeGenerated,*) by tostring(IncidentNumber)
| extend Alerts = extract("\\[(.*?)\\]", 1, tostring(AlertIds))
| mv-expand AlertIds to typeof(string)
| join 
(
    SecurityAlert
    | extend AlertEntities = parse_json(Entities)
    | mv-expand AlertEntities
) on $left.AlertIds == $right.SystemAlertId
| summarize AlertCount=dcount(AlertIds), entityList=make_set(tostring(AlertEntities.Type)) by IncidentNumber, Status, Severity, Title,  Alerts, IncidentUrl, Owner=tostring(Owner.userPrincipalName) , Tactics =tostring(AdditionalData.tactics), tostring(Labels),tostring(Comments), tostring(Labels)
// set column order
| project IncidentNumber, Severity, Status, AlertCount,Owner, Title, Alerts, entityList, Tactics, IncidentUrl, Comments, Labels
| order by IncidentNumber desc

 
You'd probably insert a new line 2 to filter the Incident from the Playbook data. 

SecurityIncident
| where IncidentNumber =="12345"
| summarize arg_max(TimeGenerated,*) by tostring(IncidentNumber)
...

There are some pdf add-ins for Playbooks, which I've seen used to then take this output and email to the person. 

High Level idea

Recurrence trigger --> "Run Query and visualize results" --> use a convert to pdf option supported by Logic Apps - Send via email