I recently made a recommendation about the importance of Making Use of Variables in Microsoft Sentinel Playbooks. In this post I want to take this just a bit further and make an addendum recommendation.
Have you ever wondered how to generate those fill-in blanks that are produced during deployment of an ARM template (as shown in the image below)?
You do this through the use of the Parameters option in the Logic App Designer…
Just as with initialized variables, these Parameters can be selected from the dynamic list throughout the Logic App. The difference is that when you create a deployment template for your Playbook (using Sreedhar’s Playbook Template Generator), your custom, reserved variables (like tenant ID, subscription ID, etc.) are retained and safe, and whoever deploys the template can enter their own values.
Want a good example of this? See: Receive an Email Notification Each Morning with the List of Daily Microsoft Sentinel Incidents Created
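Before sharing a generated template, it is worth confirming that the reserved values really became deployment prompts. The following is an added example, not code from this post or from the Playbook Template Generator; it assumes the standard ARM layout with a `Microsoft.Logic/workflows` resource, the names `walk` and `audit_template` are hypothetical, and the sample template and GUID are constructed.

```python
import json
import re

# GUID-shaped literals (tenant or subscription IDs) that should not ship in a template.
GUID = re.compile(r"\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b")

def walk(node, path=""):
    """Yield (path, value) for every string value in the template."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}/{index}")
    elif isinstance(node, str):
        yield path, node

def audit_template(template):
    """Report deployment prompts, hardcoded GUIDs, and unwired Logic App parameters."""
    resources = template.get("resources", [])
    hardcoded = [(p, g) for p, s in walk(resources) for g in GUID.findall(s)]
    unwired = []
    for res in resources:
        if res.get("type") != "Microsoft.Logic/workflows":
            continue
        props = res.get("properties", {})
        supplied = props.get("parameters", {})
        for name in props.get("definition", {}).get("parameters", {}):
            value = str(supplied.get(name, {}).get("value", ""))
            # A wired parameter takes its value from a deployment-time prompt.
            if name != "$connections" and not value.startswith("[parameters("):
                unwired.append(name)
    return {"prompts": sorted(template.get("parameters", {})),
            "hardcoded": hardcoded, "unwired": unwired}

# Constructed sample: TenantId is wired to a prompt, SubscriptionId is baked in.
SAMPLE = json.loads("""
{"parameters": {"PlaybookName": {"type": "string"}, "TenantId": {"type": "string"}},
 "resources": [{"type": "Microsoft.Logic/workflows",
   "name": "[parameters('PlaybookName')]",
   "properties": {
     "definition": {"parameters": {
       "TenantId": {"type": "String"},
       "SubscriptionId": {"type": "String",
         "defaultValue": "11111111-2222-3333-4444-555555555555"}}},
     "parameters": {"TenantId": {"value": "[parameters('TenantId')]"}}}}]}
""")

if __name__ == "__main__":
    print(json.dumps(audit_template(SAMPLE), indent=2))
```

Anything listed under `hardcoded` or `unwired` is a value the deployer will not be prompted for, so it travels with the template as exported.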