May 20 2022 03:22 AM
Hi all,
We're looking at a way to make life easier by automating the closure of EDR alerts from Sentinel. Using Logic Apps or another method, is it possible to close an 'Incident' in Sentinel, which then triggers an API request towards the EDR?
Thanks,
Tom
May 20 2022 03:34 AM
Create an Automation rule to do both steps, also select which Analytics this applies to:
1. Close - using Change Status Action
2. Then Run a Playbook (Logic App) to handle the REST API
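
The two-step rule described in the reply above, sketched as the request body of a Sentinel automation rule (`Microsoft.SecurityInsights/automationRules`). This is an added example, not part of the original thread. The display name, the `Created` trigger, the `Undetermined` classification and every value in angle brackets are assumptions or placeholders, and the playbook that calls the EDR's REST API is assumed to exist already.

```json
{
  "properties": {
    "displayName": "Auto-close EDR incidents and notify EDR (example)",
    "order": 1,
    "triggeringLogic": {
      "isEnabled": true,
      "triggersOn": "Incidents",
      "triggersWhen": "Created",
      "conditions": [
        {
          "conditionType": "Property",
          "conditionProperties": {
            "propertyName": "IncidentRelatedAnalyticRuleIds",
            "operator": "Contains",
            "propertyValues": [
              "<resource-id-of-the-analytics-rule-this-applies-to>"
            ]
          }
        }
      ]
    },
    "actions": [
      {
        "order": 1,
        "actionType": "ModifyProperties",
        "actionConfiguration": {
          "status": "Closed",
          "classification": "Undetermined",
          "classificationComment": "Closed by automation rule (example comment)"
        }
      },
      {
        "order": 2,
        "actionType": "RunPlaybook",
        "actionConfiguration": {
          "logicAppResourceId": "<resource-id-of-the-edr-playbook-logic-app>",
          "tenantId": "<tenant-id>"
        }
      }
    ]
  }
}
```

The `conditions` entry is what scopes the rule to specific analytics rules; without it the close action applies to every incident that matches the trigger.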
May 20 2022 03:50 AM