Automating Email Notifications for Azure KQL Rule using Azure Logic Apps

Introduction

In today’s fast-paced digital landscape, staying ahead of potential threats and system updates is crucial for maintaining the security and efficiency of your Azure environment. With the power of Azure Logic Apps, you can automate email notifications to ensure that you never miss out on critical events, such as when a KQL (Kusto Query Language) rule is triggered. In this guide, we’ll walk you through the steps to set up a Logic App that sends email notifications when a KQL rule is triggered, helping you stay informed and proactive in managing your Azure resources.

Step 1: Creating a Logic App

  • Navigate to the Azure portal and search for “Logic Apps.”
  • Click on “+Add” to create a new Logic App.
  • Enter the necessary details such as Subscription name, Resource group, Logic App name, region, and plan type. Then, click on “Review + create” to proceed.

Step 2: Designing the Logic App Flow

  • After creating the Logic App, go to the Logic App resource, and navigate to “Logic app designer.”
  • In the Logic App Designer, you’ll create the workflow to automate email notifications.

Step 2.1: Setting Up Recurrence

  • Add a “Recurrence” trigger to specify the frequency of the Logic App execution. This ensures regular monitoring for triggered KQL rules.

Step 2.2: Querying Azure Monitor Logs

  • Add the “Run query and list results” action from the Azure Monitor Logs connector and enter your KQL query. This step retrieves the rows that match your query from the Log Analytics workspace on every run.

Step 2.3: Formatting Data as HTML Table

  • Utilize the “Create HTML table” action from the “Data Operations” category to format the query results into an HTML table. This makes the email notification more structured and readable.

Step 2.4: Send mail using Office 365 Outlook Connector

  • Send Email Notification: Search for the Office 365 Outlook connector and choose the “Send an email (V2)” action.
  • Email Content: In the Body field, insert the “Output” of the Create HTML table action from dynamic content.
  • Recipient: Enter the email address where you want to receive notifications.
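The four designer steps above correspond to one workflow definition, which you can inspect or paste in via the Logic App’s code view. The definition below is an added example written for this article, not the author’s own export: it assumes the connections are named azuremonitorlogs and office365 in the $connections parameter, that the rule writes to the SecurityAlert table (as Microsoft Sentinel and Defender for Cloud do), and uses placeholder values in angle brackets for the subscription, resource group, workspace and recipient address. It also goes one step beyond the article by wrapping the table and email actions in a Condition so that no email is sent when the query returns zero rows; without that guard the flow mails an empty table on every recurrence.

```json
{
  "definition": {
    "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
      "$connections": { "type": "Object", "defaultValue": {} }
    },
    "triggers": {
      "Recurrence": {
        "type": "Recurrence",
        "recurrence": { "frequency": "Hour", "interval": 1 }
      }
    },
    "actions": {
      "Run_query_and_list_results": {
        "type": "ApiConnection",
        "runAfter": {},
        "inputs": {
          "host": {
            "connection": { "name": "@parameters('$connections')['azuremonitorlogs']['connectionId']" }
          },
          "method": "post",
          "path": "/queryData",
          "queries": {
            "subscriptions": "<SUBSCRIPTION-ID>",
            "resourcegroups": "<RESOURCE-GROUP>",
            "resourcetype": "Log Analytics Workspace",
            "resourcename": "<WORKSPACE-NAME>",
            "timerange": "Set in query"
          },
          "body": "SecurityAlert\n| where TimeGenerated > ago(1h)\n| project TimeGenerated, AlertName, AlertSeverity, CompromisedEntity\n| order by TimeGenerated desc"
        }
      },
      "Condition_results_not_empty": {
        "type": "If",
        "runAfter": { "Run_query_and_list_results": ["Succeeded"] },
        "expression": {
          "and": [
            { "greater": ["@length(body('Run_query_and_list_results')?['value'])", 0] }
          ]
        },
        "actions": {
          "Create_HTML_table": {
            "type": "Table",
            "runAfter": {},
            "inputs": {
              "from": "@body('Run_query_and_list_results')?['value']",
              "format": "HTML"
            }
          },
          "Send_an_email_(V2)": {
            "type": "ApiConnection",
            "runAfter": { "Create_HTML_table": ["Succeeded"] },
            "inputs": {
              "host": {
                "connection": { "name": "@parameters('$connections')['office365']['connectionId']" }
              },
              "method": "post",
              "path": "/v2/Mail",
              "body": {
                "To": "<RECIPIENT-ADDRESS>",
                "Subject": "KQL rule triggered: @{length(body('Run_query_and_list_results')?['value'])} new alert(s)",
                "Body": "<p>Alerts returned by the rule in the last hour:</p>@{body('Create_HTML_table')}",
                "Importance": "High"
              }
            }
          }
        },
        "else": { "actions": {} }
      }
    },
    "outputs": {}
  }
}
```

Two details matter when adapting this: the KQL time window (ago(1h)) should match the Recurrence interval, otherwise rows are either reported twice or missed between runs, and the query rows arrive in body(...)?['value'], which is the array the Create HTML table action expects. The Office 365 connection must be authorised once in the designer with an account that is allowed to send mail before the workflow is enabled.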

Conclusion

With this Logic App set up, you’re all set to stay informed about any triggered KQL rules. The Logic App will run at your specified frequency, check Azure Monitor Logs for rule triggers, format the results neatly into an HTML table, and send you an email notification via Office 365 Outlook whenever a rule is triggered. Don’t forget to save and enable your Logic App once you’ve finished setting it up.

Useful Links:

Create example Standard logic app workflow in Azure portal – Azure Logic Apps | Microsoft Learn

Overview – Azure Logic Apps | Microsoft Learn

I’m Sujit