Automation
137 Topics

ARM template for deploying a workbook template to Microsoft Sentinel [Solved]
Hello, I am attempting to deploy an ARM Template (execution using PowerShell) for any Analytic Rule to a Microsoft Sentinel instance. I have been following this link: https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-automate#next-steps. I am struggling with ensuring the Workbook is deployed to the Microsoft Sentinel workbook gallery and NOT the Azure Monitor one. The link includes a sample ARM template where you can add <templateData> (JSON code), which represents the workbook you wish to deploy. I get it working to deploy to the Azure Monitor workbook gallery but not for it to be present in the Microsoft Sentinel one. Jason

Using Playbook_ARM_Template_Generator
Hi, Trying to use the Playbook_ARM_Template_generator where a user assigned managed identity is used for connections. The generator doesn't seem to strip this out and then complains on deployment. Anyone had any success with this? Many thanks, Tim

Is it possible to set up this playbook for a specific rule incident alarm?
I was wondering if a specific playbook setting is possible for the rules below. RuleName: New Azure Sentinel incident - Authentication Attempt from New Country. Read UserPrincipalName, set_IPAddress value when alarm occurs. Automatically send mail to each user by identifying the user-specific mail address with UserPrincipalName and changing the recipient, ip value according to the specified mail form.

Introducing the new Microsoft Sentinel simplified pricing.
Learn about the new Microsoft Sentinel simplified price that combines the Azure Monitor Log Analytics and Microsoft Sentinel pricing tiers to a single combined tier - simplifying budgeting, billing, and cost management.

Using the New-AzSentinelDataConnector cmdlet
I have tried using the New-AzSentinelDataConnector cmdlet to create or update a data connector. I have not fully gotten this solution working, trying to enable the Microsoft Entra ID data connector. To emphasise this point, these were the PowerShell commands I ran:

    $ResourceGroup = "rg-sentinel"
    $WorkspaceName = "ingested-data-sentinel"

    # Connect to Azure and return Tenant ID
    $Connection = Connect-AzAccount
    $TenantId = $Connection.Context.Tenant.Id

    # Create Data Connector (AAD/Entra ID)
    New-AzSentinelDataConnector -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName -Kind AzureActiveDirectory -TenantId $TenantId -Alerts Enabled

The error output can be seen in the screenshot attached. Has anyone successfully deployed a data connector with this PowerShell cmdlet?

Integrating Jira with Sentinel via HTTP connector
Hello Community, I am having issues integrating Jira with Sentinel. I am connecting Sentinel incidents with Jira via the HTTP connector. The Jira V3 connector was not working due to an error regarding the reporter field, which I have no control over. My question is, why is the HTTP Connector not posting the incident when I manually run the playbook with an incident? It shows the run was successful, but the incident is not posted in the Jira queue.

Logic app to close administrative tasks
I am trying to create a logic app that closes administrative tasks in Sentinel after checking UserPrincipalName and IPAddress. It will also check if the UserPrincipalName exists in a watchlist at the same time. But this didn't seem to work; can I get any help here?

Automating label downgrade email notifications [Solved]
I've been asked to investigate scheduling a query to run once a day that searches for label downgrade activities and sends an email with a list of events to the user's manager (according to the AD attribute). The thinking is, the manager is more likely to know if the files that are being downgraded are sensitive, personal or inconsequential and can alert us if they are sensitive and we need to investigate further. I have a KQL query that provides the results, I have created an analytics rule that runs the query every 24 hours and generates an alert, but when it comes to the Playbook I'm not sure how/if I can extract the fields/attributes from the results so I can use them to generate the email(s). I want the manager to only get the results for the people in their team/department, not the results for everyone in the company, so I would expect separate emails will be sent to each manager daily, rather than the same email going to multiple managers. Is what I am trying to do feasible, and if so, am I going about it the right way? Any advice appreciated.

Not able to connect DevOps repository to Sentinel
Hello folks, I am trying to connect my DevOps repository to my Sentinel environment as part of an automation. I was able to connect 'GitHub' successfully though. But, I am getting the error {"Error while performing Azure DevOps repository fetch. Details: [TF400813: The user [redacted tenant admin] is not authorized to access this resource"} even after my URL getting accepted. I have made sure that I have 'Owner' access for Sentinel's RG and I am the 'Owner' and 'Project Administrator' of the organization for my DevOps account. Strangely, I never get to see my 'Organization' in the drop down menu. I also tried to 'Authorize' in the incognito window to make sure I am getting the correct account connection. Can anyone please help me out?