Can I trigger playbook from alert Status?

Sam C 46 Reputation points
2021-01-05T17:32:40.827+00:00

I'm trying to create incidents in ServiceNow whenever an Alert is set to "Active" inside of Sentinel. Is there a playbook trigger for this? Or a way to do this without creating another alert?

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

Accepted answer
  1. James Hamil 22,436 Reputation points Microsoft Employee
    2021-01-05T22:23:00.953+00:00

    Hi @Sam C, unfortunately I have not been able to find anything that is able to do this. I recommend filing a feature request here. There also may be a feature included with ServiceNow that could help you if you want to reach out to them. If this helps, please mark this answer as verified so other users can reference it. Please let me know if you have any other questions.

    Best,
    James

    1 person found this answer helpful.

1 additional answer

  1. Sam C 46 Reputation points
    2021-01-05T22:40:53.453+00:00

    If you're also looking for this feature, go ahead and add a comment to my request here: https://feedback.azure.com/forums/34192--general-feedback/suggestions/42360808-azure-sentinel-playbooks-need-an-alert-status-trig
