Forum Discussion
Solved
Azure Sentinel Logic App Action Incident ID
I am looking at the Azure Sentinel action in Logic Apps (AKA Playbooks) and I notice that when I try to do something like "Add a Label" or "Write a Comment" most of the fields (Subscription ID, Resou...
You need to use System Alert ID
Getting closer. Didn't get that error but now I got: { "error": { "code": 500, "source": "logic-apis-eastus.azure-apim.net", "clientRequestId": "56979c89-eb27-42e6-9506-8e208cb4cb67", "message": "BadGateway", "innerError": { "message": "We couldn’t find incidents related to the specified properties.\r\nclientRequestId: 56979c89-eb27-42e6-9506-8e208cb4cb67", "status": 500, "source": "azuresentinel-eus.azconn-eus.p.azurewebsites.net" } } }
This is my configuration. Am I using the wrong variable for "Specify Alert Id"?
- Nicholas DiCola (SECURITY JEDI)
Microsoft
You need to use System Alert ID
That did the trick. I must have looked at the list of possible variables a dozen time and missed it every time! Thanks for all of your help!
GaryBushey Are you able to post a screencap of what your add comment blade looks like? still can't get mine to work.
