Azure Sentinel – A Guide to Configuring Email Alerts with Sentinel Incident Details (HTML Code) Using a Logic App When a Sentinel Incident Is Triggered

When a Sentinel incident is triggered, you may want your IT operations or support team to receive an email alert containing the incident details. This post shows how to configure an email alert with Sentinel incident details (formatted with some HTML code) by using a Logic App that runs when a Sentinel incident is triggered.

The steps for the whole configuration are:

  1. Configure Automation Rule from Sentinel Analytics Rule
  2. Develop Logic App code for Email Alert purpose

Step 1 – Configure Automation Rule from Sentinel Analytics Rule:

Go to “Sentinel”, select “Automation”, and configure the automation rule for all your analytics rules (or select only the specific analytics rules whose incidents should be notified by email alert).

Step 2 – Develop Logic App code for Email Alert purpose:

Now you need to develop the Logic App that sends the email alert. You can use the screenshot below as an example:

If you want your email content in HTML format, you need to place your HTML code into a variable; it will not work if you just place the HTML code directly in the Body.
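The variable pattern described above, as a fragment of a Logic App workflow definition. This is an added example, not taken from this post or from the SOS GitHub template. It assumes the Microsoft Sentinel incident trigger and the Office 365 Outlook "Send an email (V2)" action; the variable name `EmailBody`, the connection name `office365`, and the recipient `soc@example.com` are placeholders.

```json
{
  "actions": {
    "Initialize_variable_EmailBody": {
      "type": "InitializeVariable",
      "runAfter": {},
      "inputs": {
        "variables": [
          {
            "name": "EmailBody",
            "type": "string",
            "value": "<h2>Sentinel incident @{triggerBody()?['object']?['properties']?['incidentNumber']}</h2><table border='1' cellpadding='4'><tr><td><b>Title</b></td><td>@{triggerBody()?['object']?['properties']?['title']}</td></tr><tr><td><b>Severity</b></td><td>@{triggerBody()?['object']?['properties']?['severity']}</td></tr><tr><td><b>Description</b></td><td>@{triggerBody()?['object']?['properties']?['description']}</td></tr></table><p><a href='@{triggerBody()?['object']?['properties']?['incidentUrl']}'>Open incident in Sentinel</a></p>"
          }
        ]
      }
    },
    "Send_an_email_(V2)": {
      "type": "ApiConnection",
      "runAfter": {
        "Initialize_variable_EmailBody": ["Succeeded"]
      },
      "inputs": {
        "host": {
          "connection": {
            "name": "@parameters('$connections')['office365']['connectionId']"
          }
        },
        "method": "post",
        "path": "/v2/Mail",
        "body": {
          "To": "soc@example.com",
          "Subject": "[Sentinel] @{triggerBody()?['object']?['properties']?['severity']} - @{triggerBody()?['object']?['properties']?['title']}",
          "Body": "@{variables('EmailBody')}",
          "Importance": "High"
        }
      }
    }
  }
}
```

The HTML lives only in the `EmailBody` variable, and the email action's Body contains nothing but the reference to that variable.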

This is our customized email alert content for reference.

You can visit our SOS GitHub to download the source code as a template:

https://github.com/SOSHKMVP/Azure-LogicApp/tree/main/LogicApp_SendAlertEmail

Eric Chan

Microsoft MVP
SOS Group Limited


SOS Group Limited © 2024. All Rights Reserved.