Send basic email

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook will be sending email with basic incidents details (Incident title, severity, tactics, link,…) when incident is created in Microsoft Sentinel.

Attribute	Value
Type	Playbook
Solution	SentinelSOARessentials
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	0
`office365`	Managed	1	1

Action parameters (URLs, paths, function IDs)

`office365` (Managed)

Action	Method	Endpoint	Other
Send_an_email_with_Incident_details	post	`/v2/Mail`	—

Additional Documentation

📄 Source: Send-basic-email/readme.md

Send-basic-email

author: Benjamin Kovacevic

Summary

This playbook sends an email with basic incident details (such as incident title, severity, tactics, and a direct link) when an incident is created in Microsoft Sentinel.

Prerequisites

A Microsoft 365 account to send email notifications (the user account will be used in the O365 connector for sending emails).

Deployment instructions

To deploy the playbook, click the Deploy to Azure button below. This will launch the ARM Template deployment wizard.
Fill in the required parameters:
- Playbook Name
- M365 Email Address

Post-deployment Instructions

a. Authorize connections

Once deployment is complete, authorize each connection.

Open the Logic App in the Azure portal.
Click O365 connector resource
Click edit API connection
Click Authorize
Sign in
Click Save
Repeat steps for other connections

Note: The email will be sent from the user who creates the connection.

b. Attach the playbook

In Microsoft Sentinel, configure an automation rule to trigger this playbook when an incident is created.
- Learn more about automation rules
Enable the playbook if it is disabled by default before assigning it to the automation rule.