cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Sentinel Playbook with incident trigger issue

rudite460
Copper Contributor

‎Mar 03 2023 07:28 AM

‎Mar 03 2023 07:28 AM

Sentinel Playbook with incident trigger issue

Hello Community !

 

I have a set of playbooks to run automatically when an incident is created - using "When Azure Sentinel incident creation rule was triggered" or "Microsoft Sentinel incident" triggers.

So far it's been working well without issues, until today.

 

In my case, im creating incident based on this API : https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/incidents/create-or-update?tabs=...

 

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/provi...

 

Inside the logic app page for the playbook, there is no errors that appear !

It just seems like the logic app just doesn't fire.
However, I can run it manually, by selecting my incident, then "Run playbook".

 

Thank you for your help

 

Labels:
865 Views
0 Likes
1 Reply
Reply
1 Reply
KubaTom

‎Mar 03 2023 08:49 AM

‎Mar 03 2023 08:49 AM

Re: Sentinel Playbook with incident trigger issue

Have you checked if the incidents are actually being raised as normal? I started seeing similar issues this morning (UK South region), but they are not related to a logic app as such, but rather stem from the fact that no new incidents are being created, even though there are current valid alerts in the table.
0 Likes
Reply