Configure the webhook in Microsoft Sentinel
Configure webhook endpoints so that Microsoft Sentinel can use them to communicate with Incident Response.
Before you begin
Role required: Responder, Manager, or Administrator
About this task
Note: While this integration with a third-party product is supported, the documentation here is based upon information provided by that third party. More current information about the operation of that third party's system may be available from them directly.
Procedure
What to do next
Add the logic app containing the webhook URL from Lightstep Incident Response to your Microsoft Sentinel analytics rules.
- Navigate to .
- Select your workspace.
- From the navigation panel, under Configuration, select Analytics.
- Create or edit a Scheduled query rule.
- Add the conditions for your rule.
For detailed information about creating analytics rules, see Create a custom analytics rule with a scheduled query.
- On the Automated response tab, from the Alert automation list, select the logic app playbook containing the webhook URL from Lightstep Incident Response.
- Complete the rule creation and click Save.
Depending on your analytics rules, alerts triggered in Microsoft Sentinel will create alerts in Lightstep Incident Response.