Sending Pretty Sentinel Alerts to Discord with Webhooks

Regan
2 min read · Mar 2, 2024

Recently I’ve been connecting all my different home lab services to Discord as a central notification hub, using the webhook integrations Discord provides for any server you create. I wanted to add my Sentinel lab alerts to this Discord as well, so I created a Logic App to do it.

First, you’ll need to create a Discord server and add a webhook integration to it. You can find out [how to do that here.](https://www.svix.com/resources/guides/how-to-make-webhook-discord/)

Shoutout to this article for the inspiration and from which I derived most of the format.

The Logic App is simple and creates a nice-looking notification message. It has the following features:

  • Dynamic colouring based on incident severity
  • Link to the incident
  • Link to your Sentinel workspace

Things I’d like to add later on:

  • Dynamically change the workspace link based on the alert provider (e.g. link to Defender if the alert came from Defender)
  • Parse entities nicely and add them to the description of the notification
  • Shorten the URL to the Sentinel incident
  • Account for incidents with multiple alerts so it doesn’t send multiple notifications for the same incident

Breaking down the Logic App

You can safely skip the ‘Base Module’ from MSTAT. I add it out of habit; it isn’t currently used in this Logic App.

First we initialise some variables:

Then I convert the incident time to the Brisbane time zone:

Then we set our variables (the P4 step is not pictured):

And send the POST to our Discord webhook:

You can find the HTTP POST request on GitHub.
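To make the payload concrete, here is an added Python example (not the author's Logic App, which is built from portal actions) that does the same job offline: it maps incident severity to an embed colour, converts the incident time to Brisbane, links both the incident and the workspace, and suppresses repeat notifications for the same incident, which is the last item on the wish list above. The incident field names follow what the Sentinel incident trigger exposes; the sample incident, its URLs and the workspace URL are constructed placeholders.

```python
"""Build the Discord webhook payload for a Microsoft Sentinel incident.

Added example for the post above, not the author's Logic App. The incident
dict keys are named after Sentinel incident trigger fields; the sample
values and every URL below are constructed placeholders.
"""
import json
import re
import urllib.request
from datetime import datetime, timedelta, timezone

# Decimal RGB colours keyed by Sentinel incident severity (Discord wants an int).
SEVERITY_COLOURS = {
    "High": 0xE74C3C,           # red
    "Medium": 0xE67E22,         # orange
    "Low": 0xF1C40F,            # yellow
    "Informational": 0x3498DB,  # blue
}
DEFAULT_COLOUR = 0x95A5A6       # grey: unknown or missing severity

# Brisbane (Queensland) is UTC+10 all year, so a fixed offset is exact and
# avoids depending on the system tz database.
BRISBANE = timezone(timedelta(hours=10), "AEST")


def severity_colour(severity):
    """Map a Sentinel severity string to an embed colour; anything unexpected -> grey."""
    return SEVERITY_COLOURS.get((severity or "").strip().title(), DEFAULT_COLOUR)


def to_brisbane(created_utc):
    """Convert Sentinel's UTC timestamp to Brisbane local time.

    Sentinel emits seven fractional-second digits; trim to six so
    datetime.fromisoformat accepts it on every supported Python version.
    """
    ts = re.sub(r"(\.\d{6})\d+", r"\1", created_utc).replace("Z", "+00:00")
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(BRISBANE)


def build_payload(incident, workspace_url):
    """Return the JSON body to POST to the Discord webhook (one embed per incident)."""
    sev = (incident.get("severity") or "Unknown").title()
    local = to_brisbane(incident["created_utc"])
    title = f"[{sev}] Incident #{incident['incident_number']}: {incident['title']}"
    embed = {
        "title": title[:256],                        # Discord caps embed titles at 256 chars
        "url": incident["incident_url"],             # clicking the title opens the incident
        "color": severity_colour(sev),
        "description": (incident.get("description") or "")[:4096],
        "fields": [
            {"name": "Severity", "value": sev, "inline": True},
            {"name": "Status", "value": incident.get("status") or "New", "inline": True},
            {"name": "Created (Brisbane)", "value": local.strftime("%Y-%m-%d %H:%M:%S %Z"), "inline": False},
            {"name": "Workspace", "value": f"[Open Sentinel]({workspace_url})", "inline": False},
        ],
        "timestamp": local.isoformat(),
    }
    return {"username": "Sentinel", "embeds": [embed]}


def should_notify(incident, seen):
    """One notification per incident: suppress repeats when more alerts are added.

    `seen` is an in-memory stand-in for whatever state the Logic App would keep.
    """
    key = incident["incident_number"]
    if key in seen:
        return False
    seen.add(key)
    return True


def send_to_discord(webhook_url, payload):
    """POST the payload; Discord answers 204 No Content on success.

    The webhook URL is a bearer secret: keep it in Key Vault or secure
    parameters, never in the workflow definition or in logs.
    """
    req = urllib.request.Request(
        webhook_url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


# Constructed sample incident; the URL is a placeholder, not a real portal link.
SAMPLE_INCIDENT = {
    "incident_number": 42,
    "title": "Sign-in from an anonymous IP address",
    "severity": "High",
    "status": "New",
    "description": "Successful sign-in from a Tor exit node.",
    "created_utc": "2024-03-02T01:23:45.1234567Z",
    "incident_url": "https://example.invalid/sentinel/incidents/42",
}

if __name__ == "__main__":
    seen = set()
    if should_notify(SAMPLE_INCIDENT, seen):
        payload = build_payload(SAMPLE_INCIDENT, "https://example.invalid/sentinel")
        print(json.dumps(payload, indent=2))
        # send_to_discord("https://discord.com/api/webhooks/<id>/<token>", payload)
```

Running the file prints the JSON the Logic App's HTTP action would send; uncomment the `send_to_discord` call with a real webhook URL to post it. Anyone holding that URL can post into the channel, so treat it as a secret and keep it out of the workflow definition and run history.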


Regan

Security Engineer with a focus on Microsoft Sentinel, the Defender stack, and a bit of Splunk. Opinions are my own. Hack the planet.