I'm trying

@@plug-it when you start please let me know bro.

In the logic app, your query needs to detect incidents unassigned older than a certain time, whatever result comes from that would be the incident number you need to have actioned by the logic app / playbook

@@plug-it Thanks a lot for your reply. I have added a delay for the timing in the logic app, after that I used a query to check the unassigned incidents but it does not seem to work well. I'd appreciate if you could make a video to demonstrate or share the query.

@@gupirqamil5333 I'll try

in time

distinct is to only show which values / columns there are. Project is to show the columns with their data

anything is possible if you look hard enough

Thank you so much for your feedback! I am happy to help in any way that I can! Never stop practicing!

Thanks a ton for responding

@@shefalikumari3513 Only a pleasure, let me know if there is anything else I can help with!

I'm happy to help! :)

please elaborate on what you want bro

@@plug-it bro i want kql videos which can help me to build rule creation

@@GOKU-nn4ed In the upcoming weeks there will be more videos in this series regarding KQL. Keep watching bro

@@plug-it thats bro its much needed content

thanks for watching! Grabify is really cool, they have many great tools

@@plug-it Fr but I personally use IP logger because I put the name of the link *Map* and they allow the gps

Yea it works to get the ip but it’s not always correct it is a cool way tho

Where would you like to be notified? Email? Teams?

@@plug-it just like pop-up or mobile anything

@@sourabhbdr7201 check this out - kzbin.info/www/bejne/gZWceqOkibyBmrMsi=vDtwLY4eerwlBQK4

that's the plan! watch this space!

NVM the playbook was failing. You can see playbook run logs in the overview page for the logic app

Ok, I'll do that later

amiin!

@@plug-it can we have a video on creating workbooks in sentinel for imperva waf related alerts?

@@suheelrm5096 There is an Imperva WAF Cloud workbook in the content hub

@@dindin7710 best to remove it asap!

which one?

@sammeditator what exactly about the location do you have? specifics

If I understand your question correctly, then your best option would be burp suite, it would require some work though - portswigger.net/burp

They can't see what u have in your phone, but can track you aslong as you have Internet

they can smoke u

Hi there, could you please elaborate? Which traffic are you referring to? And which dashboard?

Thank you! We are glad to have helped!

kzbin.info/www/bejne/gJibnn1uZtuega8&ab_channel=ScammerPayback

I will try!

Thanks, the playbook that I created was not visible at the time

@@plug-it is it visible now :)

Hey Ajay! apologies for the delay in response. The way that I can recommend is building a playbook that automatically closes the incident and thereafter an email step would be triggered to notify of the incident that was closed.========= Alternatively, what you could do, is create a separate analytic rule that performs a lookup on incidents that were closed, and then create an automation rule and playbook to send an email (notification) when the analytic rule is triggered. Hope this helps! thanks for watching!