Logic apps - condition not working

Georgi Palazov 286 Reputation points
2022-11-16T12:34:07.37+00:00

Hello,

What I'm trying to do is: when an incident is triggered, check with a query if it's related to the OracleDBAudit table. If not, don't send an email. If yes, send an email.
Below you can find the logic app flow I'm trying to implement:

260963-image.png

Run query and list results contains:

SecurityAlert
| where AlertName contains "OracleDBAudit"
| where IsIncident == true

  • In my case this returns no results when inserted in LOGS, thus it should send no email. However, I get an email no matter what.

260899-image.png

Below you can find the output from the Run query and list results, which returns nothing, and still the condition is TRUE?

260983-image.png

Azure Logic Apps
Microsoft Sentinel