Create Playbook to email Azure Sentinel Incident with proper HTML formatting

Playbook to send email to SOC team once an Azure Sentinel Incident has been created. See the customized email body with HTML in the comments section.
Comments

I got tripped up because the Security Center is now known as Defender for Cloud. Otherwise, great content and thank you for the knowledge.

jamesclifton

Thank you, sir, for recording this video and sharing your knowledge. ❤

avinashkolhe

Customised Email Body with HTML as mentioned in the video:

<p>Hello SecurityTeam, </p>
<p>You have an incident from Azure Sentinel. Below is information:</p>

<ul>
<li><strong>Alert</strong>: IncidentDescription</li>
<li>Incident Severity</li>
<li><strong>Incident ID</strong>: IncidentSentinelID</li>
<li><strong>Start Time</strong>: AlertStartTime</li>
<li><strong>Incident URL</strong>: IncidentURL</li>
</ul>

<p>Please review and update incident accordingly.</p>
<p>Azure Sentinel Team</p>

SecurityMadeSimple

Hi, I have a question. I've created a playbook and everything seems to work except for viewing the Entities. When the mail arrives the entities are empty.
I entered: (List of entities related to the incident can
but the entities displayed on Sentinel do not appear in the e-mail. What can I do? Thank you.

alexanderrose

I am getting the below error


Please help me fix this.

KallamSivaSaiKumar

Great video!
Is it possible to use a managed account to send emails? I mean, instead of sending emails from a personal email account (for this case it was DPM Service).

axelfloresbeltran

How would we send the same incident to an event hub so that it can be ingested into a third-party SIEM?

nandpurohit

Hi Sir,

I followed your video instructions but I'm getting the below error message. Please guide me on how to fix it.

natureloverbalu

The best guide on Sentinel I have seen so far. Thank you brother. How can I contact you via email?

SuperWinning

Is there a way to apply the email playbook to all analytics rules? - It seems very painful to add email notifications this way to all incidents that may be generated.

jackr