Configure the webhook in Azure Monitor

Configure webhook endpoints so that Azure Monitor can use the endpoint to communicate with Incident Response.

Before you begin

  • Ensure you have created an account in Azure Monitor.
  • Ensure that you have created a resource and the resource is a part of a resource group.

Role required: Responder, Manager, or Administrator

About this task

Note: While this integration with a third-party product is supported, the documentation here is based upon information provided by that third-party. More current information about the operation of that third-party’s system may be available from them directly.

Procedure

  1. Log in to the Microsoft Azure console.
  2. Open the resource for which you want to configure the webhook for an alert rule.
  3. From the navigation pane, click Alerts > Alert rules.
    The Alert option in the navigation pane.
  4. Create a new alert rule or select the alert rule for which you want the alerts to be shared with Incident Response.
    For information on creating alerts in Azure Monitor, see Create a metric alert for an Azure resource.
  5. If you don't already have an action group in your subscription to select, create an alert action group and associate it with the alert rule.
  6. In the action group, move to the Actions tab.
    1. From the Action type list, select Webhook.
    2. In the Name field, enter a unique name for the action.
    3. In the URI field, enter the webhook URL copied from Incident Response. For more information on how to generate a webhook URL, see Create a webhook endpoint for Azure Monitor.
    4. Set Enable the common alert schema option to Yes.
      Note: If you set this option to No, alerts won't be generated in Incident Response.
    5. Click OK.
    Webhook page.
  7. Click Save changes if you're editing an existing alert rule. Otherwise, continue with the rule creation.

Results

Azure events, based on the alert rule, are forwarded to Incident Response through the configured webhook endpoint.