Update a watchlist via logic apps (AAD groups)

Daniel Long 20 Reputation points


I would like to build a sentinel watchlist from a dynamic list from an AAD group.
That way I can create analytics rules and dismiss any user in this particular watchlist.

I did try to use the identity info table however, it doesn't appear to be updated constantly so the rule doesn't work as I would like.

If there are better ways of doing it then it would be much appreciated.

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,538 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
857 questions
{count} votes