Create Servicenow tickets only for incidents above Medium Severity

Hi there - 

 

I deployed the following Logic App to open Servicenow tickets for Sentinel incidents and it works fine.

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Create-SNOW-record

 

However, there are many Informational and Low Severity Sentinel Incidents which we don't want to send to Servicenow - does anyone know how to modify the Logic App to meet this requirement?

 

Thanks,

Szabi 

1 Reply
I realise this is super old now but just in case anyone stumbles across this.

The way to resolve this would be to set the criteria at the automation rule level in Sentinel.

Trigger on all incidents where severity == Medium or severity == High

This way the playbook will only run when the incident hits those criteria in advance.
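
The filter described in the reply above, written as the body of a Sentinel automation rule (`Microsoft.SecurityInsights/automationRules`) for anyone deploying it as code instead of through the portal. This is an added example, not part of the original thread or of the linked playbook repository; the display name, order, and every `<PLACEHOLDER ...>` value are assumptions to replace with your own.

```json
{
  "properties": {
    "displayName": "<PLACEHOLDER: rule name, e.g. Send Medium and High incidents to ServiceNow>",
    "order": 1,
    "triggeringLogic": {
      "isEnabled": true,
      "triggersOn": "Incidents",
      "triggersWhen": "Created",
      "conditions": [
        {
          "conditionType": "Property",
          "conditionProperties": {
            "propertyName": "IncidentSeverity",
            "operator": "Equals",
            "propertyValues": ["Medium", "High"]
          }
        }
      ]
    },
    "actions": [
      {
        "order": 1,
        "actionType": "RunPlaybook",
        "actionConfiguration": {
          "logicAppResourceId": "/subscriptions/<PLACEHOLDER: subscription id>/resourceGroups/<PLACEHOLDER: resource group>/providers/Microsoft.Logic/workflows/<PLACEHOLDER: playbook name>",
          "tenantId": "<PLACEHOLDER: tenant id>"
        }
      }
    ]
  }
}
```

Listing both values under a single `Equals` condition matches an incident whose severity is either one, so Informational and Low incidents never start the playbook and no change to the Logic App itself is needed.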