
Closing Sentinel Incident with logic App



I am trying to automate the closure of a Sentinel incident created via the API (no alert id related).

I have configured a logic app with an http event received task that listens for any API request from a webhook server, and then closes the incident.

But I got an error when it comes to changing the incident status in the logic app:

  "error": {
    "message": "'EndTimeUtc' must be of kind Utc",
    "debugInfo": "clientRequestId: e01cd4d3-1bac-4cc5-b548-43d948514a53"
The incident with the number 79 is actually open.
What did I miss?
2 Replies

@descof I wonder if there is something else going on.  I just got an error adding a comment to an incident which I have done numerous times before.  It was saying the subscription or the resource group was wrong but they are the exact same entries I have been using.

@Gary Bushey We are also thinking about a problem while creating the incident via the API. We are looking into whether this is an internal issue or whether we put the startTimeUtc, endtimeUtc in the wrong format.

edit: we tried to force the startTimeUtc, endtimeUtc but apparently Sentinel overwrites the values with its own. So we can't close a custom incident created with the API with a logic app :(