Email data parsing

Question

Hello, recently I was trying to get data of my azure sentinel alerts on my email using playbook but the main issue is how to get the desired field in the email.

thijs lecomte · Answer

Have you tried using the 'Parse JSON' in Logic Apps and giving it the output of the 'A new Sentinel Event is created'?This will enable you to use the different fields really easy in next steps

yanivsh · Answer

Aalekh&nbsp;
&nbsp;
Also we can add @Jon Nordström azure function that is more cost effective and tested in large scale &nbsp;
https://github.com/OfficeDev/O365-ActivityFeed-AzureFunction/tree/master/Sentinel/msgtrace
&nbsp;
here is the data schema
&nbsp;
&nbsp;
&nbsp;
&nbsp;
&nbsp;

thijs lecomte · Answer

YanivSh&nbsp;Does this means you guys recommend using Functions instead of Logic Apps?

yanivsh · Answer

Thijs Lecomte&nbsp;this is two different method that works with the same exchange API.&nbsp;
if dealing with transferring a lot of data, function will be more cost effective.
logic app has its own advantages, like debugging.

Forum Discussion

Email data parsing

Share