cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Sentinel Playbook Error

CyberKing
Occasional Contributor

‎Apr 20 2023 01:12 AM - edited ‎Apr 24 2023 05:00 AM

‎Apr 20 2023 01:12 AM - edited ‎Apr 24 2023 05:00 AM

Sentinel Playbook Error

Hi, for some time now I've been learning Sentinel and creating playbooks. Could someone explain how to do it in this particular case?

 

 
 
I am not able to proccess forward as I am missing AD info from query? How can I fix it?
is any way to add AD ID or principal name? or modify query?
 
CyberKing_1-1681978139195.png

 

Labels:
308 Views
0 Likes
2 Replies
Reply
2 Replies
GBushey

‎Apr 20 2023 05:54 AM

‎Apr 20 2023 05:54 AM

Re: Sentinel Playbook Error

It looks like the "EmailEvents" table contains the Email address of the user (although I am not sure if you can use that to get a user's information or not). You can do a join on the "NetworkMessageId" column
0 Likes
Reply
best response confirmed by CyberKing (Occasional Contributor)
samikroy

‎Apr 21 2023 06:35 AM

‎Apr 21 2023 06:35 AM

Solution

Re: Sentinel Playbook Error

Actually, breaking the problem would help here
Have a look at the logic app run history and look at the output parameters for Entities - Get Accounts steps and that should give you the dynamic field for email.
0 Likes
Reply