Closing alerts in Azure Sentinel does not automatically close them in the Cloud App Security console

We have both Cloud App Security and Azure Sentinel deployed in the environment. When we get alerts from Cloud App Security in Azure Sentinel, we overlook the incidents and close them accordingly. When we do this, the same alert generated on the Cloud App Security side is not closed. This leads to duplication of jobs, where an engineer needs to close the alert both in Cloud App Security and in Azure Sentinel.

Is there a way, when we resolve an incident on the Sentinel side, for its related alerts to be closed on the Cloud App Security side?

2 Replies
This capability is coming.

However, in the interim there's a Playbook available that will accomplish this for you: https://cda.ms/2yq

Thanks Rodtrent. Let me check on this Playbook in the customer's environment.