cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Secure Tech Accelerator
Apr 13 2023, 07:00 AM - 12:00 PM (PDT)
Microsoft Tech Community
Find out more
SOLVED

Simplest way to get email notifications for Analytics Rules

DGMalcolm
Contributor

‎Nov 12 2021 07:12 AM

‎Nov 12 2021 07:12 AM

Simplest way to get email notifications for Analytics Rules

Taking over for a recent employee departure and totally new to the Azure Sentinel space. A couple years of Azure experience so I can get around.

 

I see that the previous admin enabled a bunch of analytics rules and I want to get notifications for some of them. For instance, 'Azure VM Deletion' is something I'd like an email about. I don't see anything in the rule to enable alert notifications.  Thoughts?

 

TIA

~DGM~

671 Views
1 Like
2 Replies
Reply
2 Replies
best response confirmed by DGMalcolm (Contributor)
m_zorich

‎Nov 13 2021 05:45 PM

‎Nov 13 2021 05:45 PM

Solution

Re: Simplest way to get email notifications for Analytics Rules

The easiest way would be to create a small playbook that generates and sends an email on incident/alert generation. There is an example here - https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Send-email-with-formatted-incident-rep... (I haven't used it personally but there are a heap of examples around).

Then in your analytics rule create an automation rule that triggers the playbook on alert generation.
1 Like
Reply
DGMalcolm

‎Nov 15 2021 01:23 PM

‎Nov 15 2021 01:23 PM

RE: Simplest way to get email notifications for Analytics Rules

Great, thank you. This looks entirely doable - even by a rookie like me.
0 Likes
Reply