Azure-Sentinel/Playbooks/Export-Incidents-With-Comments

Export-Incidents-With-Comments

author: Bridewell Consulting - Robert Kitching

This playbook exports all incidents and their comments and emails them as a CSV file. The filter date is derived from the recurrence trigger settings, so each run exports the incidents created since the previous run.

Notes

This playbook accounts for API pagination by following the nextLink of each response. The default page size is set to 50; adjust it as appropriate.

To change the output columns (or other details of each exported row), edit the 'Append to array variable' action within the main loop.
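The export logic the two notes above describe (page through the Incidents API until no nextLink is returned, fetch each incident's comments, append one row per incident, then serialise to CSV) is shown below as an added Python example. It is not the playbook's own code, which is a Logic App built from HTTP actions. The authenticated GET against management.azure.com is replaced by a constructed in-memory stand-in so the example runs offline; the resource path, the sample incidents and comments, and the integer $skipToken paging are all constructed for illustration (the real continuation token is opaque, and the managed identity token handling is omitted). The page size is set to 2 instead of the playbook's default of 50 so the sample data actually spans several pages.

```python
"""Export Microsoft Sentinel incidents and their comments to CSV, following the
Incidents API's nextLink pagination. Added example, not the playbook's code: the
HTTP GET is an in-memory stand-in with constructed data so this runs offline."""
import csv
import io
import re
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed resource path; the real playbook derives it from deployment parameters.
BASE = ("https://management.azure.com/subscriptions/SUB_ID/resourceGroups/RG"
        "/providers/Microsoft.OperationalInsights/workspaces/WS"
        "/providers/Microsoft.SecurityInsights")
API_VERSION = "2020-01-01"
FIELDS = ["incident", "title", "severity", "status", "createdTimeUtc",
          "commentCount", "comments"]

# Constructed sample data standing in for API response bodies.
SAMPLE_INCIDENTS = [
    {"name": "inc-1", "properties": {"title": "Suspicious sign-in", "severity": "High",
                                     "status": "New", "createdTimeUtc": "2021-06-10T08:00:00Z"}},
    {"name": "inc-2", "properties": {"title": "Malware alert", "severity": "Medium",
                                     "status": "Active", "createdTimeUtc": "2021-06-11T09:30:00Z"}},
    {"name": "inc-3", "properties": {"title": "Old incident", "severity": "Low",
                                     "status": "Closed", "createdTimeUtc": "2021-05-01T00:00:00Z"}},
    {"name": "inc-4", "properties": {"title": "Brute force", "severity": "High",
                                     "status": "Active", "createdTimeUtc": "2021-06-12T12:00:00Z"}},
]
SAMPLE_COMMENTS = {
    "inc-1": [{"properties": {"message": "Triaged, escalating", "author": {"name": "analyst1"}}}],
    "inc-2": [],
    "inc-4": [{"properties": {"message": "Blocked source IP", "author": {"name": "analyst2"}}},
              {"properties": {"message": "Monitoring", "author": {"name": "analyst1"}}}],
}


def make_fake_get(incidents, comments, page_size):
    """Build a stand-in for an authenticated GET against management.azure.com.
    Pages by an integer $skipToken (simplified: the real token is opaque), keeps
    the $filter on the nextLink it returns, and honours 'createdTimeUtc ge <ts>'."""
    def get(url):
        parsed = urlparse(url)
        query = parse_qs(parsed.query)
        if parsed.path.endswith("/comments"):
            inc_name = parsed.path.split("/incidents/")[1].split("/")[0]
            return {"value": comments.get(inc_name, [])}
        since = re.search(r"ge (\S+)", query.get("$filter", [""])[0])
        selected = [i for i in incidents
                    if since is None or i["properties"]["createdTimeUtc"] >= since.group(1)]
        page = int(query.get("$skipToken", ["0"])[0])
        body = {"value": selected[page * page_size:(page + 1) * page_size]}
        if (page + 1) * page_size < len(selected):
            next_query = {k: v[0] for k, v in query.items()}
            next_query["$skipToken"] = str(page + 1)
            body["nextLink"] = f"{BASE}/incidents?{urlencode(next_query)}"
        return body
    return get


def paginate(get, url):
    """Yield every item across pages, following nextLink until it is absent."""
    while url:
        body = get(url)
        yield from body.get("value", [])
        url = body.get("nextLink")


def export_incidents(get, since_utc):
    """Return (rows, csv_text) for incidents created at or after since_utc."""
    first = f"{BASE}/incidents?" + urlencode({
        "api-version": API_VERSION,
        "$filter": f"properties/createdTimeUtc ge {since_utc}",
    })
    rows = []
    for inc in paginate(get, first):
        p = inc["properties"]
        comment_url = f"{BASE}/incidents/{inc['name']}/comments?api-version={API_VERSION}"
        comments = [c["properties"] for c in paginate(get, comment_url)]
        rows.append({
            "incident": inc["name"], "title": p["title"], "severity": p["severity"],
            "status": p["status"], "createdTimeUtc": p["createdTimeUtc"],
            "commentCount": len(comments),
            "comments": " | ".join(f"{c['author']['name']}: {c['message']}" for c in comments),
        })
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return rows, buf.getvalue()


if __name__ == "__main__":
    fake_get = make_fake_get(SAMPLE_INCIDENTS, SAMPLE_COMMENTS, page_size=2)
    _, csv_text = export_incidents(fake_get, "2021-06-09T00:00:00Z")
    print(csv_text)
```

Swapping `make_fake_get` for a function that performs a real GET with a managed-identity bearer token is the only change needed to run this against a live workspace; the pagination loop and the CSV assembly stay the same, which is the part the playbook's main loop reproduces.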

Annotated Guide

For an annotated breakdown of this playbook please visit https://www.bridewellconsulting.com/automating-azure-sentinel-using-playbooks-to-extract-data.

Additional Post Install Notes:

The Logic App uses a system-assigned managed identity to authenticate and authorise against management.azure.com when retrieving the data from the API. Be sure to turn on the System Assigned Identity in the Logic App after deployment.

Assign the RBAC 'Log Analytics Reader' role to the Logic App's identity at the required scope.
