Hi @Nasimjon Tohirov ,
Welcome to Microsoft Q&A! Thanks for posting the question.
I see that you are using Azure Automation Update Management and would like to send notification to Slack for Critical updates available. The following guidelines should help you achieve it using Logic Apps. The basic flow is:
Query Log Analytics Workspace for details --> Post message on slack channel.
The high-level steps are:
1. Create Logic Apps in Azure --> use the "Recurrence trigger" to ensure that the Logic Apps run at regular interval. Please note that the "Azure Automation Update Management's" compliance scan is done once every 12 hours on Windows machine and every 1 hour on Linux machine. Therefore, set the recurrence trigger keeping these timelines in mind. For more information, please refer to About Update Management
2. Use the "Run query and list results" activity from "Azure Monitor Logs connector". Connect to the Log Analytics workspace which is linked with Azure Automation account. You can get the details of it by going to "Linked Workspace" in "Azure Automation Account" in portal.
3. The details of updates are available in Update
table. The link here contains the columns available which can be used for your query. A sample query is given below:
Update
| where UpdateState == 'Needed' and Classification in ('Critical updates', 'Security updates', 'Critical and security updates')
| project Computer, Product, Title, KBID
You may also refer to this link for some additional sample queries that can be used.
4. Once you have finalized the query, use it in the activity as available in Step 2. above.
5. The final step is to send the queried result to Slack. You can use the Post message (V2) activity from Slack connector for Azure Logic Apps.
Hope it helps. Please let me know if you have any questions.
---
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.