
Workflow Template: Create Case from Microsoft Sentinel Incident

Receives alerts from the Microsoft Sentinel trigger and creates a case via a field mapper.

Updated this week

The "Create Case from Microsoft Sentinel Incident" workflow template streamlines incident management by automating the creation of cases from Microsoft Sentinel alerts. Upon receiving alerts via a webhook, the workflow maps alert fields to a predefined case layout and generates a new case. This process enhances efficiency in handling security incidents by ensuring consistent case documentation and facilitating quick response actions. Ideal for organizations utilizing Microsoft Sentinel for security monitoring, this template simplifies case management and improves incident response times.

Trigger

Microsoft Sentinel

Use Cases

Case Management

Workflow Breakdown

  1. The workflow receives alerts via a webhook from Microsoft Sentinel.

  2. It maps the alert fields to a predefined case layout.

  3. It creates a new case for the alert using that predefined layout.

Vendors

Utils, Torq Cases, Data Transformation

Tips
