Create alert based on no. of open incidents

%3CLINGO-SUB%20id%3D%22lingo-sub-2868470%22%20slang%3D%22en-US%22%3ECreate%20alert%20based%20on%20no.%20of%20open%20incidents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2868470%22%20slang%3D%22en-US%22%3E%3CP%3EHello!%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHoping%20someone%20can%20help...%20I'm%20looking%20to%20create%20an%20email%20notification%20based%20on%20if%20the%20number%20of%20open%20incidents%20is%20greater%20than%20X%20value.%20Has%20anyone%20achieved%20this%20or%20can%20provide%20pointers%2C%20or%20guidance%20in%20setting%20up%20a%20playbook%20or%20similar%20to%20achieve%20this%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20%3A)%3C%2Fimg%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2869032%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20alert%20based%20on%20no.%20of%20open%20incidents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2869032%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1191761%22%20target%3D%22_blank%22%3E%40ClemFandango2055%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20looking%20at%20Incidents%20this%20may%20help%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhow-to-show-amount-of-query-results-as-entity-on-incident%2Fm-p%2F2833480%23M4211%22%20target%3D%22_blank%22%3ERe%3A%20How%20to%20show%20amount%20of%20query%20results%20as%20entity%20on%20incident%20created%20in%20Azure%20Sentinel%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%26nbsp%3B%20you%20then%20you%20can%20use%20one%20of%20the%20two%20templates%20for%20an%20example%20Playbook%20to%20send%20the%20email%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Screenshot%202021-10-21%20130813.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F318933i92663A6BED5A0001%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Screenshot%202021-10-21%20130813.png%22%20alt%3D%22Screenshot%202021-10-21%20130813.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2869042%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20alert%20based%20on%20no.%20of%20open%20incidents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2869042%22%20slang%3D%22en-US%22%3E%3CP%3EPerfect%20thanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239477%22%20target%3D%22_blank%22%3E%40CliveWatson%3C%2FA%3E%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2F%408341BD79091AF36AA2A09063B554B5CD%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello! 

 

Hoping someone can help... I'm looking to create an email notification based on if the number of open incidents is greater than X value. Has anyone achieved this or can provide pointers, or guidance in setting up a playbook or similar to achieve this? 

 

Thanks :) 

2 Replies

@ClemFandango2055 

 

For looking at Incidents this may help Re: How to show amount of query results as entity on incident created in Azure Sentinel - Microsoft ...  you then you can use one of the two templates for an example Playbook to send the email

Screenshot 2021-10-21 130813.png

Perfect thanks @CliveWatson :smile:

www.000webhost.com