Configure the webhook in Microsoft Sentinel
Configure a webhook endpoint that Microsoft Sentinel can use to communicate with Incident Response.
Before you begin
Role required: Responder, Manager, or Administrator
About this task
- Log in to your Microsoft Sentinel application console.
- Navigate to .
Create a logic app based on your workflow requirements.
For detailed information about creating Logic Apps, see the section Create a Consumption logic app resource.
After your logic app is successfully deployed, select Go to resource. You can also select your logic app resource by typing the name in the Azure search box.
In the Logic app designer, under Templates, select Blank Logic
- Search for and select Microsoft Sentinel.
Under Triggers, select Microsoft Sentinel
- Click New step.
- In the new step to choose an operation, search for and select HTTP.
From the Actions tab, select
In the HTTP form, fill in these fields:
Field    Description
Method   Select POST.
URI      Enter the webhook URL copied from Lightstep Incident Response.
Body     Select Body from the Add Dynamic Content list.
- Click Save.
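After saving, the HTTP step can be checked against the form fields above from the logic app's code view. The following Python check is an added example, not part of the original documentation or of Microsoft or Lightstep tooling. It assumes the workflow JSON uses the Logic Apps workflow definition layout (`definition.actions`, action type `Http`) and that the Body dynamic content appears as `@triggerBody()`; the sample workflow, its trigger name, and its URL are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Constructed sample of a logic app's code view; the URI is a placeholder,
# not a real Lightstep Incident Response webhook URL.
SAMPLE_WORKFLOW = json.loads("""
{
  "definition": {
    "triggers": {"Microsoft_Sentinel_alert": {"type": "ApiConnectionWebhook"}},
    "actions": {
      "HTTP": {
        "type": "Http",
        "inputs": {
          "method": "POST",
          "uri": "https://webhook.example.invalid/placeholder-token",
          "body": "@triggerBody()"
        }
      }
    }
  }
}
""")

def check_webhook_action(workflow):
    """Return findings for top-level HTTP actions; an empty list means they match the form."""
    definition = workflow.get("definition", workflow)
    findings = []
    if not definition.get("triggers"):
        findings.append("no trigger defined")
    http_actions = {name: action for name, action in definition.get("actions", {}).items()
                    if str(action.get("type", "")).lower() == "http"}
    if not http_actions:
        findings.append("no HTTP action found")
    for name, action in http_actions.items():
        inputs = action.get("inputs", {})
        if str(inputs.get("method", "")).upper() != "POST":
            findings.append(f"{name}: Method is not POST")
        # Added hardening check (not stated on the page): require an absolute https URL.
        uri = urlparse(str(inputs.get("uri", "")))
        if uri.scheme != "https" or not uri.netloc:
            findings.append(f"{name}: URI is not an absolute https URL")
        # Assumption: the Body dynamic content token is stored as @triggerBody().
        if "triggerBody()" not in str(inputs.get("body", "")):
            findings.append(f"{name}: Body does not forward the trigger body")
    return findings

if __name__ == "__main__":
    for line in check_webhook_action(SAMPLE_WORKFLOW) or ["HTTP step matches the form"]:
        print(line)
```

The webhook URL in the URI field authorizes posting to Incident Response, so treat an exported workflow definition that contains it as sensitive.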
What to do next
- Navigate to .
- Select your workspace.
- From the navigation panel, under Configuration, select Analytics.
- Create or edit a Scheduled query rule.
- Add the conditions for your rule.
For detailed information about creating analytics rules, see Create a custom analytics rule with a scheduled query.
- On the Automated response tab, from the Alert automation list, select the logic app playbook containing the webhook URL from Lightstep Incident Response.
- Complete the rule creation and click Save.
Depending on your analytics rules, alerts triggered in Microsoft Sentinel will create alerts in Lightstep Incident Response.