SendEmailonRSAIDPlusAlert
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Sends an email notification when an RSA ID Plus analytic rule triggers. This playbook can be linked via automation rules.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | RSAIDPlus_AdminLogs_Connector |
| Source | View on GitHub |
Additional Documentation
📄 Source: SendEmailOnRSAIDPlusAlert/readme.md
Summary
This playbook sends email when an alert is generated.
Deployment instructions
- To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
- Fill the below parameters:
- Subscription: Azure Subscription ID which is present in the subscription tab in Microsoft Sentinel.
- Resource Group: The Azure Resource Group name in which you want to deploy the Logic App.
- Playbook Name: Enter the playbook name
- Receiver Email Id: Enter the receiver email id to receive the email
- Sender Email Id: Enter the sender email id to send the email
Post-Deployment instructions
Configurations in Microsoft Sentinel
- In Microsoft Sentinel, analytics rules should be configured to trigger an alert.
- Add your deployed logic app in analytic rule to be trigger on every generated alert, to do this follow below steps
- Select the analytic rule you have deployed.
- Click on Edit
- Go to Automated response tab
- Click on Add new
- Provide name for your rule, In Actions dropdown select Run playbook
- In second dropdown select your deployed playbook
- Click on Apply
- Save the Analytic rule.
- Add your deployed logic app in analytic rule to be trigger on every generated alert, to do this follow below steps
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊