I got tripped up because the Security Center is now known as Defender for Cloud. Otherwise, great content and thank you for the knowledge.
Thanks James appreciate that champ
Thank you sir for recording this video and sharing your knowledge. ❤
Thank you Avinash
Hi, I have a question. I've created a playbook and everything seems to work except for viewing the Entities. When the mail arrives the entities are empty.
I entered: EntityName:Entities (List of entities related to the incident can contain......)
but the entities displayed on Sentinel do not appear in the e-mail. What can I do? Thank you.
Great video!
Is it possible to use a managed account to send emails? I mean, instead of sending emails from a personal email account (in this case it was DPM Service)
Hi Axel, thank you for watching the video. Yes, you definitely can, and it is the recommended way of doing this. I have created and used a service account to do a similar task in one of my previous videos 👍
@SecurityMadeSimple Thanks for the reply, mate.
I followed the instructions in the video for creating a Service Account and executed the Logic App, but when it comes to linking an account to send an email via Outlook, I found that it is the personal account that is sending the alert emails when the Logic App is executed. Is there a way to link this Service Principal Account to Outlook to send alerts instead of my personal Outlook account?
I am getting the below error
ExpressionEvaluationFailed. The execution of template action 'For_each_2' failed: the result of the evaluation of 'foreach' expression '@triggerBody()?['object']?['properties']?['Alerts']' is of type 'Null'. The result must be a valid array.
Please help me fix this.
Hi there, same here, I had the same issue. Did you find any solution?
Have you found the solution for your above error? I am getting the same error.
Customised Email Body with HTML as mentioned in the video:
Hello SecurityTeam,
You have an incident from Azure Sentinel. Below is information:
Alert Name: AlertDisplayName
Description: IncidentDescription
Severity: Incident Severity
Incident ID: IncidentSentinelID
Start Time: AlertStartTime
Incident URL: IncidentURL
Please review and update incident accordingly.
Azure Sentinel Team
How would we send the same incident to an event hub so that it can be ingested into a third-party SIEM?
th-cam.com/video/2KNt5P1Rx0w/w-d-xo.html&ab_channel=HardConceptsSimple - Please have a look at this video, I discuss event hubs in it 👍👍
Hi Sir,
I followed your video instructions but I'm getting the below error message, please guide me on how to fix it.
ExpressionEvaluationFailed. The execution of template action 'For_each' failed: the result of the evaluation of 'foreach' expression '@triggerBody()?['object']?['properties']?['Alerts']' is of type 'Null'. The result must be a valid array.
Did you ever figure out your issue? I am getting the exact same error
@rpighin Any luck on this one?
The best guide on Sentinel I have seen so far. Thank you brother. How can I contact you via email?
Thanks Ed for those kind words. Please feel free to reach out to me on LinkedIn.
Is there a way to apply the email playbook to all analytics rules? - It seems very painful to add email notifications this way to all incidents that may be generated.
There is a PowerShell script to do a mass rollout. Please see this reference: techcommunity.microsoft.com/t5/microsoft-sentinel/how-to-mass-apply-a-playbook-to-all-analytic-rules-at-once/m-p/2070715
good content