This will only list playbooks with an incident-based trigger. The secondary option lets you call alert-based playbooks. Also, make sure the workspace is authorized in settings. If that is good maybe wait a bit an open a support case if persistent.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Does anyone else have this issue? I've setup a playbook for email notifications to be sent for incidents and I'm not able to see them. I've recreated the playbook again and it doesn't appear again when I try to use it. I can see the automation rules and playbooks in the automations sections though. TIA
This will only list playbooks with an incident-based trigger. The secondary option lets you call alert-based playbooks. Also, make sure the workspace is authorized in settings. If that is good maybe wait a bit an open a support case if persistent.
I would like to suggest one other possibility which I frequently come across.
If you only have the Sentinel Contributor role, you will not see any listed playbooks.
You must add the Logic App Contributor role within the resource group IAM permissions:
Thanks for your replies.
I've looked at both and its configured properly - sentinel as access to the entire resource group and i have access to the logic app contributor role + owner rights
@mpark714
Thank you for your post and I apologize for the delayed response!
When it comes to your Playbook not appearing within your automation rule, this is because your Logic App (Playbook) needs to either start with the Microsoft Sentinel incident
trigger, or your Automation Rule Trigger needs to reflect that of your Playbook trigger.
Playbook using Alert Trigger, while the Automation rule is listing playbooks for the Incident trigger:
Only playbooks that start with the incident trigger can be run from automation rules, so only they will appear in the list.
Playbook Trigger and Automation Rule trigger both being of kind Incident:
To see what type of Playbook you created:
Microsoft Sentinel
-> Automation
-> Active Playbooks
-> Filter by Trigger kind
I hope this helps!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
@mpark714
Thank you for following up on this!
Since you have the correct Logic App Trigger - Microsoft Sentinel incident (Preview), can you make sure that the logic app is part of your Active Playbooks within Azure Sentinel?
If the playbook (Logic App) isn't part of your Azure Sentinel Active Playbooks list, you'll have to create a new playbook in Microsoft Sentinel:
Microsoft Sentinel
navigation menu, select Automation
. Create
. Create
gives you three choices for creating playbooks. If you have an active playbook and still aren't able to create an Incident trigger, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.