Notify When Incident Is Reopened

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

This playbook is utilizing new update trigger to notify person/group on Microsoft Teams/Outlook when incident is reopened.

Logic App Connectors

This playbook uses 3 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	0
`office365`	Managed	1	1
`teams`	Managed	1	1

Action parameters (URLs, paths, function IDs)

Action	Method	Endpoint	Other
Send_an_email_(V2)	post	`/v2/Mail`	—

Action	Method	Endpoint	Other
Post_adaptive_card_in_a_chat_or_channel	post	`/v1.0/teams/conversation/adaptivecard/poster/Flow bot/location/@{encodeURIComponent('Channel')}`	—

📄 Source: Notify-IncidentReopened/readme.md

author: Benjamin Kovacevic

This playbook is utilizing new update trigger to notify person/group on Microsoft Teams/Outlook when incident is reopened.

Email address to where notification will be sent to.
Microsoft Teams Team ID and Channel ID (Instructions to get IDs - https://www.linkedin.com/pulse/3-ways-locate-microsoft-team-id-christopher-barber-/) or choose Team and Channel after the deployment

Authorize Microsoft Teams and Microsoft Office 365 Outlook connectors
Choose Microsoft Teams Team and Channel where to send the adaptive card (only if Team ID and Channel ID were not added during the deployment)
Add playbook as an action to the automation rule

If you want to receive notifications only on Microsoft Teams or only on Microsoft Office 365 Outlook, please remove unneeded connection. To remove, click on 3 dots on top right side of connector, and choose "Delete".

Delete connection example