Mar 18 2022 02:12 PM
Hi Folks,
I could get the playbook sending email to specific mailbox,But not to o365 user based on entity info with in Sentinel. I am thinking this email address needs to read from Azure AD. But how we put that as a logicapp is something missing. Any inputs are much appreciated.
Thanks
Senti
Mar 21 2022 02:47 AM
There is a native Azure AD connector in Logic Apps, so if you map the AAD User Object Id in your entity mapping you can then use that to get the user information such as email address.
First retrieve the entities from the incident, then use the connector to grab the user information.
Here is a little mock up for you. You can even grab their display name and pass that into the email too if you wanted.