Send email or Teams message when incident has not been solved within SLA

Hi,

I was curious as to whether there is a solution to automatically send a message to Teams or to a specific mailbox if an incident has not been solved, or if it's not been assigned within a specific time limit. I'm setting up Sentinel for a customer, and they would like this functionality to track the incident management and follow up on SLAs.

I was thinking about setting up a playbook to run once a day to check when an incident was generated and if it was generated over x hours ago, send an email to Teams. Is it possible to get the time-generated from the API-integration with Sentinel, or is there a better way of solving this?

2 Replies
It would be possible to do this through a Logic App and query all the latest alerts (this can be done through the security graph https://docs.microsoft.com/en-us/graph/api/alert-list?view=graph-rest-1.0&tabs=http and there you can filter on time created).

But I would advise just pushing the alerts to their ticketing system, as they will run into limitations this way.

@Nexxic

A feature that will have incident data *and updates* available in the workspace is expected shortly. This would allow you to write a rule to do just what you need.


~ Ofer
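
An added example, not part of the original posts: the daily SLA check discussed in this thread, run over constructed records that use the `createdDateTime`, `status` and `assignedTo` fields of the Graph security alert resource linked above. The SLA limits and the message layout are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumed SLA limits (hypothetical values, set per customer agreement)
ASSIGN_SLA = timedelta(hours=4)
RESOLVE_SLA = timedelta(hours=24)
CLOSED = {"resolved", "dismissed"}  # closed states of the Graph alert status enum

def parse_ts(value):
    """Parse a UTC ISO 8601 timestamp (sample data uses whole seconds)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def sla_breaches(alerts, now):
    """Return (id, reason, age_hours) for every open alert outside the SLA."""
    breaches = []
    for a in alerts:
        if a.get("status") in CLOSED:
            continue
        age = now - parse_ts(a["createdDateTime"])
        if age > RESOLVE_SLA:
            reason = "unresolved"
        elif not a.get("assignedTo") and age > ASSIGN_SLA:
            reason = "unassigned"
        else:
            continue
        breaches.append((a["id"], reason, round(age.total_seconds() / 3600, 1)))
    return breaches

def teams_text(breaches):
    """Build the notification body; None means nothing needs follow-up."""
    if not breaches:
        return None
    lines = [f"- {i}: {reason} after {hours} h" for i, reason, hours in breaches]
    return "SLA follow-up needed:\n" + "\n".join(lines)

# Constructed sample records (not real alerts)
SAMPLE = [
    {"id": "a1", "createdDateTime": "2021-03-01T02:00:00Z", "status": "newAlert", "assignedTo": None},
    {"id": "a2", "createdDateTime": "2021-02-28T06:00:00Z", "status": "inProgress", "assignedTo": "analyst@example.com"},
    {"id": "a3", "createdDateTime": "2021-03-01T07:30:00Z", "status": "newAlert", "assignedTo": None},
    {"id": "a4", "createdDateTime": "2021-02-27T00:00:00Z", "status": "resolved", "assignedTo": "analyst@example.com"},
]
NOW = datetime(2021, 3, 1, 9, 0, tzinfo=timezone.utc)  # fixed "run time" for the sample

if __name__ == "__main__":
    print(teams_text(sla_breaches(SAMPLE, NOW)))
```

The returned text can be handed to whichever mail or Teams action the playbook uses; passing the run time in as `now` keeps the check reproducible when testing.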