Send Email To Create Incident in Sentinel


This post is inspired by MS Ignite 2022, where there was a new announcement about Microsoft Sentinel incident creation.

The tool described in this article is an extension of that.

In an organization, security incidents may occur on resources where security has not yet been tightened up. A dedicated email address can act as a whistleblower channel: when suspicious activity is noticed, it can be reported to that address.

A basic Logic App attached to that mailbox can then create an incident in Microsoft Sentinel whenever an email with a dedicated subject arrives.
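The following is an added example, not the article's Logic App or its template. It shows the same flow in Python: a message arriving at the dedicated mailbox is accepted only if its subject carries the agreed tag (assumed here to be `[SEC-REPORT]`, optionally followed by a severity) and the sender is in the organization's own domain, and it is then turned into the request that the Microsoft Sentinel incidents REST API expects. The tag, the sender-domain rule, the mailbox contents and the subscription, resource group, workspace and incident GUIDs are all constructed for the example.

```python
"""Added example: turn a reported-suspicious-activity email into a Sentinel incident request."""
import re
from dataclasses import dataclass

# Assumption: the dedicated subject tag agreed with staff (the article only says "dedicated email subject").
SUBJECT_TAG = "[SEC-REPORT]"
# Assumption: only reports from the organization's own mail domain may open incidents,
# so an outside sender cannot flood the SOC queue by mailing the whistleblower address.
ALLOWED_SENDER_DOMAIN = "contoso.example"

# "[SEC-REPORT] High: short title" or "[SEC-REPORT] short title" (severity defaults to Medium).
SUBJECT_RE = re.compile(
    r"^" + re.escape(SUBJECT_TAG)
    + r"\s*(?:(?P<sev>High|Medium|Low|Informational):)?\s*(?P<title>.+)$",
    re.IGNORECASE,
)


@dataclass
class ReportEmail:
    """Minimal view of an inbound message; real connectors expose many more fields."""
    sender: str
    subject: str
    body: str


def parse_report(mail: ReportEmail):
    """Return (severity, title) when the subject matches the dedicated format, else None."""
    match = SUBJECT_RE.match(mail.subject.strip())
    if not match:
        return None
    severity = (match.group("sev") or "Medium").capitalize()  # Sentinel severities are capitalized
    return severity, match.group("title").strip()


def sender_allowed(mail: ReportEmail) -> bool:
    """Accept only senders in the organization's own domain (case-insensitive)."""
    return mail.sender.lower().endswith("@" + ALLOWED_SENDER_DOMAIN)


def build_incident_request(mail, subscription_id, resource_group, workspace, incident_id,
                           api_version="2023-02-01"):
    """Build (method, url, body) for the Sentinel incidents REST API, or None if the mail is rejected.

    The incident is created with PUT on
    .../Microsoft.SecurityInsights/incidents/{incident_id}; the caller supplies a new GUID.
    """
    if not sender_allowed(mail):
        return None
    parsed = parse_report(mail)
    if parsed is None:
        return None
    severity, title = parsed
    url = (
        f"https://management.azure.com/subscriptions/{subscription_id}"
        f"/resourceGroups/{resource_group}"
        f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
        f"/providers/Microsoft.SecurityInsights/incidents/{incident_id}"
        f"?api-version={api_version}"
    )
    body = {
        "properties": {
            "title": title,
            "severity": severity,
            "status": "New",
            # Keep the reporter and a bounded excerpt of the mail so the analyst has context.
            "description": f"Reported by {mail.sender} via email.\n\n{mail.body[:2000]}",
        }
    }
    return "PUT", url, body


if __name__ == "__main__":
    # Constructed sample message, as a user of the dedicated mailbox might send it.
    sample = ReportEmail(
        sender="alice@contoso.example",
        subject="[SEC-REPORT] High: Phishing mail received by finance",
        body="The link pointed to a page that mimicked our sign-in portal.",
    )
    print(build_incident_request(sample, "<subscription-id>", "rg-soc", "law-sentinel", "<new-guid>"))
```

Sending the request needs an Azure AD bearer token with a role that can write incidents (Microsoft Sentinel Responder or Contributor); the Logic App in the article gets that from its Sentinel connection, which is why validating that connection is a deployment step. The sender-domain check mirrors the one thing a mailbox-driven trigger must guard against: anyone who learns the address and the subject convention can otherwise open incidents at will.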


A ready-to-deploy template is available for this feature.

Here are the next steps:

Deployment -> Configuration -> Post Configuration -> Test

Deployment


Configuration

Once deployed, please validate the connection.

Microsoft Sentinel Connection -


Post Configuration

After successful configuration, the logic app will look like this:

Test

  1. Send an email


Incident created



Thank you for using the tool. Feel free to share your thoughts.

Is this logic app still available? It appears that the deploy link is not working for me. Thank you.


More articles by Samik Roy
