Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Trigger a playbook on an incident via API?

Copper Contributor

We can trigger playbooks manually on an incident from the incident page, but is it possible to do this via an API? The goal is to produce some sort of playbook chaining without having to build complex playbooks that are error prone.

 

Any input appreciated!

6 Replies
YOu mean triggering playbooks through an API?

You should be sending an HTTP request to the logic app
https://docs.microsoft.com/en-us/users/register?redirectUrl=https%3A%2F%2Fdocs.microsoft.com%2Fen-us...

HI@wadstromdev 

 

Yes, you can build a Playbook which trigger is when an HTTP POST is received. As you can see in the screenshot below, you get the URL that you should use in your POST call. You can then execute this POST call from another LogicApp/Playbook.

 

Does that answer your question?logicapp post.PNG

@wadstromdev

 

Running multiple playbooks when a rule triggers will be available real soon now.

Also, you probably refer to alert triggers (manual or automated) as those are available today. Incident triggers are expected in the near future.

~ Ofer

@Javier Soriano sorry for the late reply. That seems like a good alternative, although not exactly what I'm after. Do you have any more details on the request body JSON schema or a link with more information so that I can poke around a bit more? :)

@Ofer_Shezaf that's nice to hear that running multiple playbooks will be available soon, will be a welcome addition!


What I'm asking for here is an API-version of this button:

wadstromdev_0-1589543909761.png

Which is found after clicking here on an incident alert page:

wadstromdev_1-1589544008347.png

 

For example being able to trigger the playbook by sending a request to an API-endpoint and specifying the workspace, resource group, incident id or number, and the name or id of the playbook. Makes sense? :)

@wadstromdev : gotcha. today you will have to use a webhook and fetch the incident information using the API. We will look into this request for the future.

 

Thanks!

~ Ofer