Forum Discussion
Solved
Azure Sentinel Logic App Action Incident ID
I am looking at the Azure Sentinel action in Logic Apps (AKA Playbooks) and I notice that when I try to do something like "Add a Label" or "Write a Comment" most of the fields (Subscription ID, Resou...
You need to use System Alert ID
This is my configuration. Am I using the wrong variable for "Specify Alert Id"?
Nicholas DiCola (SECURITY JEDI)
Microsoft
MicrosoftYou need to use System Alert ID
That did the trick. I must have looked at the list of possible variables a dozen time and missed it every time! Thanks for all of your help!
GaryBushey Are you able to post a screencap of what your add comment blade looks like? still can't get mine to work.
GaryBusheydid you ever get this to work, can get it to write static comments but that's it.
- Nicholas DiCola (SECURITY JEDI)
Awesome! glad a could help.
if you have cool playbooks feel free to help contribute to the github repo!
Nicholas DiCola (SECURITY JEDI) A little more weirdness. I can get my Incident, post a comment back to my Incident, Generate a Service Now Incident, and then post a message to Teams (in that order) just fine. However, if I try to post a comment back to my incident AFTER generating a ServiceNow incident I get the following error message (which talks about changing settings in a webapp that I certainly don't have access to). Any ideas?
{"error": {"code": 400,"source": "logic-apis-eastus.azure-apim.net","clientRequestId": "d7b8f14a-9f0e-43df-b385-6eb3f14a4869","message": "The response is not in a JSON format.","innerError": "<!DOCTYPE html>\r\n<html>\r\n <head>\r\n <title>Runtime Error</title>\r\n <meta name=\"viewport\" content=\"width=device-width\" />\r\n <style>\r\n body {font-family:\"Verdana\";font-weight:normal;font-size: .7em;color:black;} \r\n p {font-family:\"Verdana\";font-weight:normal;color:black;margin-top: -5px}\r\n b {font-family:\"Verdana\";font-weight:bold;color:black;margin-top: -5px}\r\n H1 { font-family:\"Verdana\";font-weight:normal;font-size:18pt;color:red }\r\n H2 { font-family:\"Verdana\";font-weight:normal;font-size:14pt;color:maroon }\r\n pre {font-family:\"Consolas\",\"Lucida Console\",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}\r\n .marker {font-weight: bold; color: black;text-decoration: none;}\r\n .version {color: gray;}\r\n .error {margin-bottom: 10px;}\r\n .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }\r\n @media screen and (max-width: 639px) {\r\n pre { width: 440px; overflow: auto; white-space: pre-wrap; word-wrap: break-word; }\r\n }\r\n @media screen and (max-width: 479px) {\r\n pre { width: 280px; }\r\n }\r\n </style>\r\n </head>\r\n\r\n <body bgcolor=\"white\">\r\n\r\n <span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>\r\n\r\n <h2> <i>Runtime Error</i> </h2></span>\r\n\r\n <font face=\"Arial, Helvetica, Geneva, SunSans-Regular, sans-serif \">\r\n\r\n <b> Description: </b>An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.\r\n <br><br>\r\n\r\n <b>Details:</b> To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".<br><br>\r\n\r\n <table width=100% bgcolor=\"#ffffcc\">\r\n <tr>\r\n <td>\r\n <code><pre>\r\n\r\n<!-- Web.Config Configuration File -->\r\n\r\n<configuration>\r\n <system.web>\r\n <customErrors mode="Off"/>\r\n </system.web>\r\n</configuration></pre></code>\r\n\r\n </td>\r\n </tr>\r\n </table>\r\n\r\n <br>\r\n\r\n <b>Notes:</b> The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.<br><br>\r\n\r\n <table width=100% bgcolor=\"#ffffcc\">\r\n <tr>\r\n <td>\r\n <code><pre>\r\n\r\n<!-- Web.Config Configuration File -->\r\n\r\n<configuration>\r\n <system.web>\r\n <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>\r\n </system.web>\r\n</configuration></pre></code>\r\n\r\n </td>\r\n </tr>\r\n </table>\r\n\r\n <br>\r\n\r\n </body>\r\n</html>\r\n"}}
