Create alert based on no. of open incidents




Hoping someone can help... I'm looking to create an email notification based on if the number of open incidents is greater than X value. Has anyone achieved this or can provide pointers, or guidance in setting up a playbook or similar to achieve this? 


Thanks 🙂 

2 Replies



For looking at Incidents, this may help: Re: How to show amount of query results as entity on incident created in Azure Sentinel - Microsoft ... You can then use one of the two templates for an example Playbook to send the email.


Perfect thanks @CliveWatson :smile: