SendEmailonRSAIDPlusAlert

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

Sends an email notification when an RSA ID Plus analytic rule triggers. This playbook can be linked via automation rules.

Attribute	Value
Type	Playbook
Solution	RSAIDPlus_AdminLogs_Connector
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	0
`office365`	Managed	1	1

Action parameters (URLs, paths, function IDs)

`office365` (Managed)

Action	Method	Endpoint	Other
Send_an_email_(V2)	post	`/v2/Mail`	—

Additional Documentation

📄 Source: SendEmailOnRSAIDPlusAlert/readme.md

Summary

This playbook sends email when an alert is generated.

Deployment instructions

To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
Fill the below parameters:
- Subscription: Azure Subscription ID which is present in the subscription tab in Microsoft Sentinel.
- Resource Group: The Azure Resource Group name in which you want to deploy the Logic App.
- Playbook Name: Enter the playbook name
- Receiver Email Id: Enter the receiver email id to receive the email
- Sender Email Id: Enter the sender email id to send the email

Post-Deployment instructions

Configurations in Microsoft Sentinel

In Microsoft Sentinel, analytics rules should be configured to trigger an alert.

Add your deployed logic app in analytic rule to be trigger on every generated alert, to do this follow below steps

Select the analytic rule you have deployed.

Click on Edit

Go to Automated response tab

Click on Add new

Provide name for your rule, In Actions dropdown select Run playbook

In second dropdown select your deployed playbook

Click on Apply

Save the Analytic rule.