SOLVED

details of connectors triggering alerts

Copper Contributor

Hey all! Hope you are doing well. I have a playbook that is triggered and creates an incident ticket in a third-party incident management software.

I have been trying to figure out how to include the details of the connector from where the alert is triggered.

This is not presently featured on the logic apps and if I were to raise a feature request, how do I go about it?

Thanks

2 Replies
best response confirmed by gbenga_crown (Copper Contributor)
Solution

@gbenga_crown 1) The place to ask for enhancements is Microsoft Sentinel · Community (azure.com)

2) It may be a difficult request since multiple connectors can feed to a single table (think of all the data connectors that populate Syslog and CEF). I stopped counting the OOTB connectors that publish to CEF (16 when I stopped) and Syslog (5 when I stopped), so you can see what kind of an issue this could be.

With those aside, what you could do in the meantime is use a Watchlist to do a mapping of the Analytics rule to the Connector or the table to the connector and query that as part of your Logic App.
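
The Watchlist mapping described in this answer, as an added KQL example that is not part of the original post or of any Sentinel content: it assumes a watchlist with the alias `RuleToConnector` and two constructed columns, `AnalyticsRule` (the analytics rule name as it appears in `AlertName`) and `Connector` (the data connector that feeds the rule's source table). The `SecurityAlert` columns used (`SystemAlertId`, `AlertName`, `ProductName`, `ProviderName`) are real; the watchlist and its columns are assumptions.

```kql
// Added example (not from the original post). Assumed watchlist alias: RuleToConnector
// with constructed columns AnalyticsRule and Connector, maintained by the SOC.
let RuleMap = _GetWatchlist('RuleToConnector')
    | project AnalyticsRule, Connector;
SecurityAlert
| where TimeGenerated > ago(1h)
// Keep one row per alert; SecurityAlert can carry several updates per SystemAlertId
| summarize arg_max(TimeGenerated, *) by SystemAlertId
| project SystemAlertId, AlertName, ProductName, ProviderName
// Left join so alerts from rules that are not yet mapped are still returned
| join kind=leftouter RuleMap on $left.AlertName == $right.AnalyticsRule
// Flag unmapped rules rather than silently leaving the field empty, so the ticket
// shows that the watchlist needs an entry instead of showing a blank connector
| extend Connector = coalesce(Connector, strcat("unmapped:", ProviderName, "/", ProductName))
| project SystemAlertId, AlertName, ProviderName, ProductName, Connector
```

In the Logic App this query can be issued with the Azure Monitor Logs "Run query and list results" action after the Sentinel incident trigger, filtering on the incident's alert name and placing the returned `Connector` value into the ticket body. Because several connectors can populate the same table (the Syslog and CEF point made above), the mapping is only as accurate as the watchlist you maintain, so the `unmapped:` prefix makes stale mappings visible in the ticket rather than hiding them.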

Thanks very much @GaryA
