cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to create a Playbook that sends an email to a user involved in an incident?

frank_df
Copper Contributor

‎Jun 29 2022 05:19 AM

‎Jun 29 2022 05:19 AM

How to create a Playbook that sends an email to a user involved in an incident?

Hello everybody,

 

I need to configure a Sentinel playbook to send emails to users when an incident is created regarding their account.

I have created a playbook that uses Identity Protection incidents creation as trigger but I'm not currently able to set the right parameter to address automatically the alert to the user the incident refers to.

I don't need to set an address statically but the playbook has to fetch the user email address from the incident automatically and use it as recipient.

Which parameter or expression should I use?

 

Francesco_Di_Fabio_0-1656504294561.png

I hope you can kindly help me with this.

 

Best regards.

Labels:
4,020 Views
0 Likes
4 Replies
Reply
4 Replies
rodtrent

‎Jun 29 2022 07:12 AM

‎Jun 29 2022 07:12 AM

Re: How to create a Playbook that sends an email to a user involved in an incident?

@frank_df You definitely need to get both the user name and the UPN from the Incident Entities. Something like the following...

 

upn.png

0 Likes
Reply
Prashali_Shinde

‎Feb 14 2023 11:30 PM

‎Feb 14 2023 11:30 PM

Re: How to create a Playbook that sends an email to a user involved in an incident?

Hey @frank_df, we are also looking for similar requirement, did you able to achieve this, if you are please let us know the playbook configuration, we tried to pull AAD user id and accounts UPN suffix but its not reflecting the email address.
0 Likes
Reply
frank_df

‎Feb 15 2023 03:17 AM

‎Feb 15 2023 03:17 AM

Re: How to create a Playbook that sends an email to a user involved in an incident?

@Prashali_Shinde 

Yes, I achieved that!
Here is my current configuration:

NB: I added a condition because I had to send an email or another according to the UPN suffix. You can skip straight to the last step ("send an email").

frank_df_0-1676459162947.png

frank_df_1-1676459848149.png

 

0 Likes
Reply
Prashali_Shinde

‎Feb 22 2023 01:37 AM

‎Feb 22 2023 01:37 AM

Re: How to create a Playbook that sends an email to a user involved in an incident?

Thank you so much @frank_df , will try with this.
0 Likes
Reply