Azure-Sentinel/Playbooks/Create Incidents with Email/Readme.md

1.6 KiB

Please use the below button to deploy

Deploy to Azure

Deployment

Once deployed you can configure the connections as below

image

Configuration

  1. Sentinel Connection

image

  1. Office 365 Connection

image

Post configuration

Once configured, the logic app will look like this.

image

Test

Step 1: Send an email to the configure email

image

Step 2: Incident created in Sentinel

image

Use cases

SOC - In a organization there might be Security Incident / Suspicious activity occurring to the resources where Security is not tightened up yet. So an email address can be whistle blower here. A suspicious activity can be reported over a dedicated email address to create an incident and address the incident.

Thank you for using the tool.