InboundSecurity

Microsoft Sentinel + Alert24

Turn Microsoft Sentinel alerts into actionable incidents in Alert24, with on-call routing, escalations, and status updates.

Start Free TrialSee Pricing

Receive Microsoft Sentinel SIEM incident notifications via Logic Apps webhook.

Auto-detected payloads

Alert24 recognizes Microsoft Sentinel webhooks out of the box and maps fields to incidents automatically.

On-call routing & escalations

Page the right engineer over SMS, voice, push, email, or chat with policy-driven escalations.

Auto-updating status pages

Promote incidents to a public or private status page with one click and keep customers informed.

Change correlation & AI RCA

Recent deploys, infra updates, and feature flag flips surface alongside the incident for faster root cause.

Quick Setup

Copy Webhook URL

Go to your Alert24 dashboard and copy the webhook URL for Microsoft Sentinel.

Configure Microsoft Sentinel

Add the webhook URL in your Microsoft Sentinel settings.

Auto-Detected

Alert24 auto-detects Microsoft Sentinel payloads and maps them to incidents.

Step-by-Step Setup Instructions

Microsoft Sentinel Webhook Setup

1.In Azure Portal, go to Microsoft Sentinel → Automation
2.Click Create and select Playbook with incident trigger
3.In the Logic App designer, add an HTTP action
4.Set Method to POST and URI to the webhook URL above
5.Set Body to the incident object from the trigger
6.Add appropriate headers (Content-Type: application/json)
7.Save the playbook
8.Create an Automation rule in Sentinel to trigger the playbook on new incidents

Example Webhook Payload

This is a sample payload that Microsoft Sentinel sends to Alert24 when an alert fires.

{
  "properties": {
    "incidentNumber": 12345,
    "title": "Suspicious sign-in from unfamiliar location",
    "description": "A user signed in from an IP address that has not been seen before for this account.",
    "severity": "High",
    "status": "New",
    "classification": "",
    "owner": {
      "assignedTo": ""
    },
    "labels": [],
    "firstActivityTimeUtc": "2024-01-15T10:00:00Z",
    "lastActivityTimeUtc": "2024-01-15T10:30:00Z",
    "providerName": "Azure Sentinel",
    "providerIncidentId": "inc-12345",
    "alertsCount": 1,
    "bookmarksCount": 0,
    "relatedAnalyticRuleIds": [
      "/subscriptions/sub-id/providers/Microsoft.SecurityInsights/alertRules/rule-123"
    ]
  }
}

How Alert24 Maps Microsoft Sentinel Data

Status Field

properties.status

Message Field

properties.title

Auto-Create Incidents

Yes

Auto-Resolve Incidents

Yes

Status Mapping

Alert24 StatusMicrosoft Sentinel Values
operational
Closed
down
NewActive

Connect Microsoft Sentinel to Alert24 in minutes

Free plan includes 5 monitors, 1 status page, and incident management. No credit card required.

Start Free TrialSee Pricing

More Security Integrations

Microsoft Defender for Cloud

Inbound

Receive Microsoft Defender for Cloud security alerts via Activity Log webhook.

Snyk

Inbound

Receive Snyk vulnerability and license issue alerts via webhook.

SonarQube

Inbound

Receive SonarQube quality gate and analysis notifications via webhook.

Trivy

Inbound

Receive Aqua Trivy container and IaC vulnerability scan results via webhook.

Falco

Inbound

Receive Falco runtime security alerts via HTTP output.

Dependabot

Inbound

Receive GitHub Dependabot security alert notifications via webhook.