cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Sentinel Playbooks Logic Apps

idontknowanything
Copper Contributor

‎Aug 15 2022 08:03 AM

‎Aug 15 2022 08:03 AM

Sentinel Playbooks Logic Apps

Hello,

 

I'm creating a playbook for some of the alerts. For example if an alert comes in, it has an entity such as email address of the user then it should send an approval email to that email that is in the entity.

 

So far I have in the Logic app designed: 

 

Microsoft Sentinel Alert (Preview) > Alert - Get incident > Send approval email but in the send approval email stage the "to" section I don't want a specific email but I want that email that is in the incident entity. 

Thank you!

Labels:
Preview file
22 KB
1,151 Views
0 Likes
1 Reply
Reply
1 Reply
mikhailf

‎Aug 16 2022 07:26 AM

‎Aug 16 2022 07:26 AM

Re: Sentinel Playbooks Logic Apps

Hello @idontknowanything,

 

You can use "Parse JSON" where in the Content field put "Entities". 

This will allow you to parse entities based on the schema that you put in the Schema field. 

 

Check the first comment here: Parsing Entities from Azure Sentinel incident into Logic Apps for sending email - Microsoft Tech Com...

It has a detailed explanation.

0 Likes
Reply