top of page

[Azure Log Analytics\Azure Monitor] Extracting the values from $webhookdata.

While configuring the alerts and action groups, $webhoodata is used to provide input to the Azure Automation based runbooks.

More precisely it is used when you want to azure automation runbook through Log analytics alerts. While creating alerts you have to define the action group. And this action group is responsible for calling the Runbook.

To receive data from the client, the runbook can accept a single parameter called $WebhookData. This parameter is of a type [object] that contains data that the client includes in the POST request.

The values for the $webhookdata are in JSON format and you can use the following properties to fetch the values from the $webhookdata.

$Webhookbody = $webhookdata | ConvertFrom-Json

$reqbody= $Webhookbody

$alertName = $

$Linktosearchresult = $

$Alert_Description = $

$Search_Query = $






125 views0 comments

Recent Posts

See All

Optimizing Microsoft Sentinel (SIEM) Environment

In the ever-evolving landscape of cybersecurity, the importance of a well-optimized Sentinel Environment cannot be overstated. As threats continue to morph and adapt, security teams must engage in a c


bottom of page