Sync - Incident Comment To M365D On Update

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This playbook will sync incident comments from Microsoft Sentinel to Microsoft 365 Defender when comment is added.

Attribute	Value
Type	Playbook
Solution	Standalone Content
Source	View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
azuresentinel	Managed	1	0
http	Built-in	0	1

Action parameters (URLs, paths, function IDs)

http (Built-in)

Action	Method	Endpoint	Other
HTTP	PATCH	https://api.security.microsoft.com/api/incidents/@{triggerBody()?['object']?['properties']?['providerIncidentId']}	—

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks