Retrieve Alert from Microsoft Sentinel and Trigger a Blink Workflow via Webhook
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Send a webhook request to a Blink workflow trigger whenever a new alert is created in Microsoft Sentinel
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | BlinkOps |
| Source | View on GitHub |
Additional Documentation
📄 Source: Sentinel-Alert-Handler/readme.md
Sentinel Alert Trigger
Summary
This playbook automatically triggers when a Microsoft Sentinel alert is created, and sends a structured HTTPS POST request to Blink. The integration enables seamless coordination between Sentinel alerts and Blink automation workflows, allowing for rapid alert response, ticketing, notification dispatch, or any custom workflow configured in Blink.
Prerequisites
Before deploying this playbook, ensure the following prerequisites are completed:
- Create an Event-Based Workflow in Blink that is configured to trigger via webhook.
- Note down the following required value from Blink: - Blink Webhook Full URL – the full HTTPS endpoint URL to trigger your Blink workflow.
Deployment Instructions
To deploy the playbook into your Azure environment:
- Click the Deploy to Azure button below to launch the ARM Template deployment wizard.
- Provide the following required parameters:
-
Playbook-Name: Choose a clear and descriptive name for the Logic App (e.g.,Sentinel Alert Hanlder). -Blink-Webhook-Full-URL: Paste the full webhook URL from your Blink workflow.
Post-Deployment Instructions
Once the playbook is deployed successfully, follow these steps to connect it with Microsoft Sentinel's automation rules:
Create Automation Rule for Alert Created
- Go to: Microsoft Sentinel > Configuration > Automation.
- Click + Create > Automation rule.
- Fill in the following:
- Name: e.g.,
Notify Blink when new alert is created. - Trigger: Select
When alert is created. - Conditions: Leave default unless you want specific filters.
- Actions: Choose
Run playbook. - Playbook: Select your deployed playbook (e.g.,
Sentinel Alert Handler). - Click Apply.
Support
For guidance on integrating Blink with other tools and services, visit the official Blink Documentation.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊