Case Management
Automated Case Management
Case Management Dashboard
Case Management Interface
- Managing Cases
- Cases
- Observables
- Alerts
- Attachments
- Tasks
Triggers & Actions
- Actions
- Triggers
Case Management Settings
New Incident
Triggers a workflow on a new incident.
Workflows based on this trigger will search for new events every minute.
Parameters
| Parameter | Description |
|---|---|
| Resource Group Name | The name of the resource group. The name is case insensitive. |
| Subscription ID | The ID of the target subscription. |
| Workspace Name | The name of the workspace. |
Sample Event
Copy
Ask AI
{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
"type": "Microsoft.SecurityInsights/incidents",
"properties": {
"title": "My incident",
"description": "This is a demo incident",
"severity": "High",
"status": "Closed",
"classification": "FalsePositive",
"classificationReason": "InaccurateData",
"classificationComment": "Not a malicious activity",
"owner": {
"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
"email": "john.doe@contoso.com",
"assignedTo": "john doe",
"userPrincipalName": "john@contoso.com",
"ownerType": "User"
},
"labels": [],
"firstActivityTimeUtc": "2019-01-01T13:00:30Z",
"lastActivityTimeUtc": "2019-01-01T13:05:30Z",
"lastModifiedTimeUtc": "2019-01-01T13:15:30Z",
"createdTimeUtc": "2019-01-01T13:15:30Z",
"incidentNumber": 3177,
"additionalData": {
"alertsCount": 0,
"bookmarksCount": 0,
"commentsCount": 3,
"alertProductNames": [],
"tactics": [
"InitialAccess",
"Persistence"
],
"techniques": [
"T1091",
"T1133",
"T1053"
],
"providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f"
},
"relatedAnalyticRuleIds": [
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"
],
"incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"providerName": "Azure Sentinel",
"providerIncidentId": "3177"
}
}
Assistant
Responses are generated using AI and may contain mistakes.
Was this page helpful?
On this page