Logic App in Sentinel


Hi All,

I was wondering if there was any way to create a Logic App in Sentinel to email an Incident Entity's line manager through Azure AD once an Incident is triggered.

For example, a user triggers a Mass Download alert; the playbook would email the user's manager, making them aware.

1 Reply

You can use a logic app to send an e-mail to any e-mail address and attach this logic app to an automation trigger for an incident or alert rule. Then I suppose you want to add the different entities from the incident to logic app variables and use this info to query AAD for information and then use this dynamic content to construct an email.

Let me know how it works out for you.

 

/Kenneth ML
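The data flow described in the reply, sketched in Python as an added example (not code from the thread, and not a Logic App definition). It assumes the incident payload exposes Account entities under `object.properties.relatedEntities` with `aadUserId` or `accountName`/`upnSuffix`, and uses the Microsoft Graph `/users/{id}/manager` and `/users/{id}/sendMail` endpoints; `graph_get`, the sender address, and the sample data are hypothetical.

```python
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

def account_keys(incident):
    """Unique Graph user keys (AAD object id, else UPN) for the incident's Account entities."""
    keys = []
    for ent in incident["object"]["properties"].get("relatedEntities", []):
        if ent.get("kind") != "Account":
            continue
        p = ent.get("properties", {})
        key = p.get("aadUserId")
        if not key and p.get("accountName") and p.get("upnSuffix"):
            key = f'{p["accountName"]}@{p["upnSuffix"]}'
        if key and key not in keys:
            keys.append(key)
    return keys

def manager_notifications(incident, graph_get, sender):
    """Build one Graph sendMail request per account whose manager has a mailbox.
    graph_get(url) returns the manager object, or None for Graph's 404 (no manager set)."""
    props = incident["object"]["properties"]
    out = []
    for key in account_keys(incident):
        mgr = graph_get(f"{GRAPH}/users/{quote(key, safe='')}/manager")
        if not mgr or not mgr.get("mail"):
            continue  # no manager or no mailbox: leave to analyst triage
        message = {
            "subject": f'Sentinel incident {props["incidentNumber"]}: {props["title"]}',
            "body": {"contentType": "Text", "content":
                     f'Account {key} is involved in a {props["severity"]} severity incident.'},
            "toRecipients": [{"emailAddress": {"address": mgr["mail"]}}],
        }
        out.append({"url": f"{GRAPH}/users/{quote(sender, safe='')}/sendMail",
                    "body": {"message": message, "saveToSentItems": False}})
    return out

# Constructed sample data so the block runs offline; not a captured incident.
SAMPLE_INCIDENT = {"object": {"properties": {
    "incidentNumber": 42, "title": "Mass Download", "severity": "Medium",
    "relatedEntities": [
        {"kind": "Account", "properties": {"aadUserId": "00000000-0000-0000-0000-000000000001"}},
        {"kind": "Account", "properties": {"accountName": "bob", "upnSuffix": "contoso.example"}},
        {"kind": "Host", "properties": {"hostName": "ws01"}},
    ]}}}
FAKE_DIRECTORY = {  # stands in for Graph; bob has no manager recorded
    f"{GRAPH}/users/00000000-0000-0000-0000-000000000001/manager":
        {"displayName": "Constructed Manager", "mail": "manager@contoso.example"},
}

def fake_graph_get(url):
    return FAKE_DIRECTORY.get(url)
```

In a playbook the same three steps map to the incident trigger, a manager lookup for each account entity, and a send-mail action; accounts with no manager fall through rather than failing the run.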