This playbook can reduce the burden on the SOC by offloading alert verification to IT admins for specific analytics rules. It is triggered when a Microsoft Sentinel alert is generated and creates a message (with an associated notification email) in the workload owner's Microsoft Teams channel containing the details of the alert. If the workload owner responds that the activity was not authorized, the alert is converted to an incident in Microsoft Sentinel for the SOC to handle.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Microsoft Business Applications |
| Source | View on GitHub |
This playbook uses 4 Logic App connectors / built-in actions:

| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
| azuresentinel | Managed | 1 | 0 |
| azuresentinel_1 | Managed | 0 | 2 |
| office365 | Managed | 1 | 3 |
| teams | Managed | 1 | 0 |
azuresentinel_1 (Managed)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Add_alert_to_incident | post | /Incidents/Relation/Create | — |
| Create_incident | put | /Incidents/subscriptions/@{triggerBody()?['workspaceInfo']?['SubscriptionId']}/resourceGroups/@{triggerBody()?['workspaceInfo']?['ResourceGroupName']}/workspaces/@{triggerBody()?['workspaceInfo']?['WorkspaceName']} | — |
office365 (Managed)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Send_an_email_escalation_due_to_timeout | post | /v2/SharedMailbox/Mail | — |
| Send_an_email_from_a_shared_mailbox_(V2) | post | /v2/SharedMailbox/Mail | — |
| Send_an_email_notification_of_failure | post | /v2/SharedMailbox/Mail | — |