Send basic email
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This playbook will be sending email with basic incidents details (Incident title, severity, tactics, link,…) when incident is created in Microsoft Sentinel.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | SentinelSOARessentials |
| Source | View on GitHub |
Additional Documentation
📄 Source: Send-basic-email/readme.md
Send-basic-email
author: Benjamin Kovacevic
Summary
This playbook sends an email with basic incident details (such as incident title, severity, tactics, and a direct link) when an incident is created in Microsoft Sentinel.
Prerequisites
- A Microsoft 365 account to send email notifications (the user account will be used in the O365 connector for sending emails).
Deployment instructions
- To deploy the playbook, click the Deploy to Azure button below. This will launch the ARM Template deployment wizard.
- Fill in the required parameters:
- Playbook Name
- M365 Email Address
Post-deployment Instructions
a. Authorize connections
Once deployment is complete, authorize each connection.
- Open the Logic App in the Azure portal.
- Click O365 connector resource
- Click edit API connection
- Click Authorize
- Sign in
- Click Save
- Repeat steps for other connections
Note: The email will be sent from the user who creates the connection.
b. Attach the playbook
- In Microsoft Sentinel, configure an automation rule to trigger this playbook when an incident is created. - Learn more about automation rules
- Enable the playbook if it is disabled by default before assigning it to the automation rule.
Screenshots
Playbook
Email
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊