This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 82%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
Hi,
I want to configure notifications about assigning incident to user.
For example, I want to get email alert any time when an incident is assigned to me.
Is it possible to configure it?
Thank you in advance.
please find mentioned below link hope it will help you
https://azsec.azurewebsites.net/2020/01/19/notify-azure-sentinel-alert-to-your-email-automatically/
I hope answer the question if issue resolve accept answer
@Khurram Rahim , thank you for your answer.
This solutions is only work in my environment for new incidents etc.
I want to get a notification after I assigned incident to sb.
@Khurram Rahim , thank you for your answer.
This solutions is only work in my environment for new incidents etc.
I want to get a notification after I assigned incident to somebody.
Is it possible?
You could create a Schedule Rule (to run, 5min to 1hr maybe) which checks for the assignment, and this would also use the Playbook to send an email to you?
.
SecurityIncident
| extend assignedTo_ = tostring(Owner.assignedTo)
| where isnotempty(assignedTo_)
| summarize count(), arg_max(TimeGenerated,*) by tostring(Owner)
or
// you can have an allowed list with only your name, but I have added the option for more than one.
let allowedList = dynamic(["PiotrBatruk","Clive"]);
SecurityIncident
| extend assignedTo_ = tostring(Owner.assignedTo)
| where isnotempty(assignedTo_)
| where assignedTo_ in (allowedList)
| summarize count(), arg_max(TimeGenerated,*) by tostring(Owner)