Forum Discussion

akshay250692's avatar
akshay250692
Brass Contributor
Jul 26, 2023

Custom Entity Mapping

I written below KQL  with help from community but not able to create custom entity in Set Rule Logic. I need to mapping FailedAttempt field but no option in entity field.   let threshold=2; let a...
KQL
  • GBushey's avatar
    GBushey
    Jul 27, 2023
    If you need to have the entity usable in an Automation rule, just select one of the existing entities and assign your field to it, just make sure to select one that the Automation rule could use.
akshay250692's avatar
akshay250692
Brass Contributor
We have set automation playbook for above alert so custom field is not caturing in automation.
GBushey's avatar
GBushey
Icon for Microsoft rankMicrosoft
Jul 27, 2023
If you need to have the entity usable in an Automation rule, just select one of the existing entities and assign your field to it, just make sure to select one that the Automation rule could use.
  • akshay250692's avatar
    akshay250692
    Brass Contributor
    Jul 27, 2023
    This is the issue. If you see in screenshot if i select process then no filed is related to failed login attempt.
    • GBushey's avatar
      GBushey
      Icon for Microsoft rankMicrosoft
      Jul 27, 2023
      The Automation rule has a condition called "Custom details key". You can create a custom entity that will contain your field and then, in the Automation rule, select "Custom details key" that equals your custom entity name. Then another field called "Custom details value" gets created and you can use that to compare your value.
      • akshay250692's avatar
        akshay250692
        Brass Contributor
        Jul 27, 2023
        no option for "when alert is triggered".

Resources