Microsoft Sentinel

Receive Microsoft Sentinel SIEM incident notifications via Logic Apps webhook.

Quick Setup

Copy Webhook URL

Go to your Alert24 dashboard and copy the webhook URL for Microsoft Sentinel.

Configure Microsoft Sentinel

Add the webhook URL in your Microsoft Sentinel settings.

Auto-Detected

Alert24 auto-detects Microsoft Sentinel payloads and maps them to incidents.

Step-by-Step Setup Instructions

Microsoft Sentinel Webhook Setup

1. In Azure Portal, go to Microsoft Sentinel → Automation
2. Click Create and select Playbook with incident trigger
3. In the Logic App designer, add an HTTP action
4. Set Method to POST and URI to the webhook URL above
5. Set Body to the incident object from the trigger
6. Add appropriate headers (Content-Type: application/json)
7. Save the playbook
8. Create an Automation rule in Sentinel to trigger the playbook on new incidents

Example Webhook Payload

This is a sample payload that Microsoft Sentinel sends to Alert24 when an alert fires.

{
  "properties": {
    "incidentNumber": 12345,
    "title": "Suspicious sign-in from unfamiliar location",
    "description": "A user signed in from an IP address that has not been seen before for this account.",
    "severity": "High",
    "status": "New",
    "classification": "",
    "owner": {
      "assignedTo": ""
    },
    "labels": [],
    "firstActivityTimeUtc": "2024-01-15T10:00:00Z",
    "lastActivityTimeUtc": "2024-01-15T10:30:00Z",
    "providerName": "Azure Sentinel",
    "providerIncidentId": "inc-12345",
    "alertsCount": 1,
    "bookmarksCount": 0,
    "relatedAnalyticRuleIds": [
      "/subscriptions/sub-id/providers/Microsoft.SecurityInsights/alertRules/rule-123"
    ]
  }
}

How Alert24 Maps Microsoft Sentinel Data

Status Field

properties.status

Message Field

properties.title

Auto-Create Incidents

Yes

Auto-Resolve Incidents

Yes

Status Mapping

Alert24 Status    Microsoft Sentinel Values
operational       Closed
down              New, Active
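
To check what a playbook body will map to before relying on it, the field and status mapping described above can be modelled locally. This is an added example, not Alert24's code: the function name, the error class, the rejection of unmapped values and the create/resolve reading of the auto-create and auto-resolve settings are assumptions.

```python
import json

# Status mapping as documented on this page (Sentinel value -> Alert24 status).
STATUS_MAP = {"Closed": "operational", "New": "down", "Active": "down"}


class PayloadError(ValueError):
    """Raised when a body cannot be mapped with the documented rules."""


def map_sentinel_incident(raw):
    """Model the documented mapping for one JSON body posted by the playbook."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise PayloadError(f"body is not valid JSON: {exc}") from exc

    props = doc.get("properties") if isinstance(doc, dict) else None
    if not isinstance(props, dict):
        # Seen when the incident is sent wrapped inside another object
        # instead of being the request body itself.
        raise PayloadError("top-level 'properties' object is missing")

    status, title = props.get("status"), props.get("title")
    if not isinstance(status, str) or status not in STATUS_MAP:
        raise PayloadError(f"unmapped properties.status: {status!r}")
    if not isinstance(title, str) or not title.strip():
        raise PayloadError("properties.title is missing or empty")

    alert24_status = STATUS_MAP[status]
    return {
        "status": alert24_status,
        "message": title,
        # Assumption: "down" opens an incident, "operational" resolves it.
        "action": "resolve" if alert24_status == "operational" else "create",
    }


# Constructed sample, trimmed from the example payload on this page.
SAMPLE = json.dumps({"properties": {
    "incidentNumber": 12345,
    "title": "Suspicious sign-in from unfamiliar location",
    "severity": "High",
    "status": "New",
}})

if __name__ == "__main__":
    print(map_sentinel_incident(SAMPLE))
```
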
