User Profile

ryanksmith

Copper Contributor

Joined Sep 13, 2019

11 Posts

View All Badges

User Widgets

Recent Discussions

Re: Query Alert Status and Assigned User
Thanks GaryBushey I'll take a look, very surprised we cant query this without to jump though a bunch of hoops, I have been able in every other SIEM I have worked with.
Jan 30, 2020 Place Microsoft Sentinel
7.9KViews
0likes
1Comment
Query Alert Status and Assigned User
Looking to query to alerts/incidents that have not been assigned/picked up or to look at the current status (New/In Progress) to detect and alert on stale events. I use the following query to generate a list of all the SOC events the staff are looking at but I don't not see a User or Status field, anyone have a answer or work around to this one? SecurityAlert | where ProviderName == 'ASI Scheduled Alerts' or ProviderName == 'CustomAlertRule'
Jan 30, 2020 Place Microsoft Sentinel
8.1KViews
0likes
10Comments
Re: Azure Sentinel Logic App Action Incident ID
Thanks GaryBushey Still broke if I take the body from an API pull (which works) will call premier support this week now that its GA
Nov 10, 2019 Place Microsoft Sentinel
2.9KViews
0likes
1Comment
Re: Azure Sentinel Logic App Action Incident ID
GaryBusheyTried not luck, are you able to post your work flow, will tr y a few others once I get back into the office on Tuesday
Nov 09, 2019 Place Microsoft Sentinel
7.3KViews
0likes
8Comments
Re: Azure Sentinel Logic App Action Incident ID
GaryBusheydid you ever get this to work, can get it to write static comments but that's it.
Oct 22, 2019 Place Microsoft Sentinel
7.5KViews
0likes
14Comments
Re: Azure Sentinel Logic App write back to comment
GaryBushey - Looks like our errors are exactly the same, your bang on, static works fine something about the input throws it off
Oct 01, 2019 Place Microsoft Sentinel
4.7KViews
0likes
1Comment
Re: Azure Sentinel Logic App write back to comment
GaryBushey - yes here is how I have it setup:
Oct 01, 2019 Place Microsoft Sentinel
4.7KViews
0likes
3Comments
Re: Azure Sentinel Logic App write back to comment
Have moved the get Incident blade around, still get the same 400 error <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"> <HTML><HEAD><TITLE>Bad Request</TITLE> <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD> <BODY><h2>Bad Request - Invalid URL</h2> <hr><p>HTTP Error 400. The request URL is invalid.</p> </BODY></HTML>
Sep 30, 2019 Place Microsoft Sentinel
4.8KViews
0likes
5Comments
Re: Azure Sentinel Logic App Action Incident ID
GaryBushey Are you able to post a screencap of what your add comment blade looks like? still can't get mine to work.
Sep 30, 2019 Place Microsoft Sentinel
7.6KViews
0likes
15Comments
Re: Azure Sentinel Logic App write back to comment
Thanks, GaryBushey Yes checked that, and ensured I have the Get Incident Blade as per Nicholas DiCola (SECURITY JEDI) Wondering if its an issue with my "For Each" will play with the order and see if that fixes it will post if successful
Sep 26, 2019 Place Microsoft Sentinel
4.8KViews
0likes
6Comments
Azure Sentinel Logic App write back to comment
Hi All, I am trying to write the output of a HTTP GET (Which works) to a comment in Sentinel, from my review it appears as if the ID's and Groups are set correctly but I am getting a Bad Request. Has anyone had any success writing back to comments (yes I know this is preview)
Sep 13, 2019 Place Microsoft Sentinel
5.1KViews
0likes
10Comments

Recent Blog Articles

No content to show