Help me add a column from sentinel logs into Analytic rule alert.

NastyNoah03 · ‎Nov 20 2023

Hello all,

I created an analytic rule that I want to pull data from and push into an automated email alert.

I already have a playbook where it automatically sends an email alert to me when the criteria is met.

Attached is a screenshot of the data field I want to pull, and there is also a screenshot of the alert that is sent to me that I wish to include the log information, as well as a screenshot of the logic app that makes the alert.

My theory is that I have to modify the dynamic content inside of my logic app used to send out the automatic alert?

Any guidance or answers on this would be greatly appreciated.

Thanks

NastyNoah03 · ‎Nov 21 2023

Hi, is the data filed an entity you wish to use, this article is a great primer on how to do that. https://techcommunity.microsoft.com/t5/microsoft-sentinel/parsing-entities-from-azure-sentinel-incid...
and
https://learn.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC%2Cincide...
and
https://learn.microsoft.com/en-us/azure/sentinel/tutorial-enrich-ip-information

You also have the option to do a Logs Query in the Logic App in a seperate step to extract any other data you might need.

Products (52)

Special Topics (28)

Video Hub (447)

Most Active Hubs

Most Active Hubs

Video Hub

Help me add a column from sentinel logs into Analytic rule alert.

Help me add a column from sentinel logs into Analytic rule alert.

Re: Help me add a column from sentinel logs into Analytic rule alert.