top of page

[Azure Log Analytics\Azure Monitor] Extracting the values from $webhookdata.

While configuring the alerts and action groups, $webhoodata is used to provide input to the Azure Automation based runbooks.

More precisely it is used when you want to azure automation runbook through Log analytics alerts. While creating alerts you have to define the action group. And this action group is responsible for calling the Runbook.

To receive data from the client, the runbook can accept a single parameter called $WebhookData. This parameter is of a type [object] that contains data that the client includes in the POST request.

The values for the $webhookdata are in JSON format and you can use the following properties to fetch the values from the $webhookdata.

$Webhookbody = $webhookdata | ConvertFrom-Json

$reqbody= $Webhookbody

$alertName = $

$Linktosearchresult = $

$Alert_Description = $

$Search_Query = $






80 views0 comments

Recent Posts

See All

As a member of a Security Operations Center (SOC), one of the key responsibilities is to generate regular reports on incidents. These reports provide valuable insights into the security landscape and

bottom of page