Help me add a column from sentinel logs into Analytic rule alert.

Copper Contributor

[Attached screenshots: Alert.jpg, Computer Name.jpg, Logic App.jpg]

Hello all,

I created an analytic rule that I want to pull data from and push into an automated email alert.

I already have a playbook where it automatically sends an email alert to me when the criteria is met.

Attached is a screenshot of the data field I want to pull, and there is also a screenshot of the alert that is sent to me that I wish to include the log information, as well as a screenshot of the logic app that makes the alert.

My theory is that I have to modify the dynamic content inside of my logic app used to send out the automatic alert?

Any guidance or answers on this would be greatly appreciated.


best response confirmed by NastyNoah03 (Copper Contributor)
Hi, is the data field an entity you wish to use? This article is a great primer on how to do that.

You also have the option to do a Logs Query in the Logic App in a separate step to extract any other data you might need.
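As an added example (not code from the thread), this is the kind of query the separate Logs Query step in the Logic App could run to pull the Computer column for the rows that triggered the alert. It assumes the rule reads from the SecurityEvent table and that the two time placeholders are filled from the Sentinel trigger's dynamic content (alert start and end time) before the step runs.

```kusto
// Added example, not from the original thread.
// Assumptions: the rule's source table is SecurityEvent, and the Logic App
// substitutes the alert's start/end time into the two placeholders below.
let AlertStart = datetime(<alert start time from dynamic content>);
let AlertEnd   = datetime(<alert end time from dynamic content>);
SecurityEvent
| where TimeGenerated between (AlertStart .. AlertEnd)
// One row per host, so the email body stays short even for noisy alerts
| summarize Events = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
            by Computer
| order by Events desc
| project Computer, Events, FirstSeen, LastSeen
```

The step's result rows can then be referenced as dynamic content in the email action, either as a table or by iterating over the Computer values.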