Customised Email Body with HTML as mentioned in the video:

Hello SecurityTeam,
You have an incident from Azure Sentinel. Below is information:
Alert Name: AlertDisplayName
Description: IncidentDescription
Severity: Incident Severity
Incident ID: IncidentSentinelID
Start Time: AlertStartTime
Incident URL: IncidentURL
Please review and update incident accordingly.
Azure Sentinel Team

Great video! Is it possible to use a managed account to send emails? I mean, instead of sending emails from a personal email account (in this case it was DPM Service)
Hi Axel, thank you for watching the video. Yes, you definitely can, and it is the recommended way of doing this. I have created and used a service account to do a similar task in one of my previous videos 👍
@SecurityMadeSimple Thanks for the reply, mate. I followed the instructions in the video for creating a Service Account and executed the Logic App, but when it comes to linking an account to send an email via Outlook, I found that it is the personal account that is sending the alert emails when the Logic App is executed. Is there a way to link this Service Principal Account to Outlook to send alerts instead of my personal Outlook account?
Hi, I have a question. I've created a playbook and everything seems to work except for viewing the Entities. When the mail arrives, the entities are empty. I entered: EntityName:Entities (List of entities related to the incident can contain......) but the entities displayed in Sentinel do not appear in the e-mail. What can I do? Thank you.
I am getting the below error: ExpressionEvaluationFailed. The execution of template action 'For_each_2' failed: the result of the evaluation of 'foreach' expression '@triggerBody()?['object']?['properties']?['Alerts']' is of type 'Null'. The result must be a valid array. Please help me fix this.
Hi Sir, I followed your video instructions but I'm getting the below error message. Please guide me on how to fix it. ExpressionEvaluationFailed. The execution of template action 'For_each' failed: the result of the evaluation of 'foreach' expression '@triggerBody()?['object']?['properties']?['Alerts']' is of type 'Null'. The result must be a valid array.
Is there a way to apply the email playbook to all analytics rules? - It seems very painful to add email notifications this way to all incidents that may be generated.
There is a PowerShell script to do a mass rollout. Please see this reference: techcommunity.microsoft.com/t5/microsoft-sentinel/how-to-mass-apply-a-playbook-to-all-analytic-rules-at-once/m-p/2070715
ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-2KNt5P1Rx0w.html&ab_channel=HardConceptsSimple - Please have a look at this video, I discuss event hubs in it 👍👍