This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 8%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Hello,
What i'm trying to do is when an incident is triggered->check with query if its related to OracleDBAudit table. If not - don't send email. If yes - send email.
Below you can find the logic app flow i'm trying to implement:
Run query and list results contains:
SecurityAlert
| where AlertName contains "OracleDBAudit"
| where IsIncident == true
Below you can find the output from the Run query and list results which returns nothing and still the condition is TRUE?
An Azure service that automates the access and use of data across clouds without writing code.
A cloud-native SIEM solution that provides intelligent security analytics and threat detection across systems
Answer accepted by question author
Hi @Georgi Palazov ,
I don't think you can use a blank entry for your 'is not equal to'.
It must specify a 'null' value as a function.
Here's an excellent example:
how-to-deal-with-possible-null-values-in-control-c.html
