Severity and state mappings for Azure
Alert priority and resolution state mapping between Azure and Incident Response.
Azure alert priority mapping
Azure’s alert priority is based on two fields in the payload. The fields of interest
are:
data.essentials.severitydata.essentials.monitorCondition
Conditions that are applied on the payload:
- Only if
data.essentials.monitorConditionvalue isFired, it considers values from the fielddata.essentials.monitorCondition. - If
data.essentials.monitorConditionvalue is notFired, then the alert priority value set is Clear/0.
| Azure payload field | Azure payload value | Incident Response alert priority value |
|---|---|---|
| data.essentials.severity | Sev0 | P1-Critical |
| Sev1 | P2-High | |
| Sev2 | P4-Low | |
| Sev3 | ||
| Sev4 | P5-INFORMATIONAL |
Azure resolution state mapping
The field of interest is: data.essentials.monitorCondition
| Azure payload field | Azure payload value | Incident Response alert resolution state value |
|---|---|---|
| data.essentials.monitorCondition | Fired | New |
| Closing |
Note: If you require any other severity and state mappings, use the
Generic webhook integration.