Create alert based on no. of open incidents

New Contributor

Hello! 

 

Hoping someone can help... I'm looking to create an email notification based on if the number of open incidents is greater than X value. Has anyone achieved this or can provide pointers, or guidance in setting up a playbook or similar to achieve this? 

 

Thanks :) 

2 Replies

@ClemFandango2055 

 

For looking at Incidents this may help Re: How to show amount of query results as entity on incident created in Azure Sentinel - Microsoft ...  you then you can use one of the two templates for an example Playbook to send the email

Screenshot 2021-10-21 130813.png

Perfect thanks @CliveWatson :smile:

www.000webhost.com