Hey Mohamad,
Thanks for your reply, this is what I ended up doing as a workaround as well just after posting -- It's probably the "better" method for this case.
------------------------------
Nick B
------------------------------
Original Message:
Sent: Sun November 05, 2023 07:30 AM
From: mohamad islam hamadieh
Subject: Assigning Incident Type IDs to Newly Created Cases from fn_Microsoft_Sentinel
I know that's not what you are looking for but a workaround would be to create a rule.
incidents is created.
Name contains "sentinel"
set incident type Maintenance
------------------------------
mohamad islam hamadieh
Original Message:
Sent: Thu November 02, 2023 12:20 PM
From: Nick B
Subject: Assigning Incident Type IDs to Newly Created Cases from fn_Microsoft_Sentinel
Hi Community,
I'm looking for a format/method to assign an incident type ID to newly created cases from the MS Sentinel integration. Currently, I'm using the default Jinja template for the create_incident_template config. I've tried using the following inside of the jinja template:
"incident_type_ids": "Maintenance",
and
"incident_type_ids": {{ properties.incident_type_ids('{"Maintenance"}')}}
Seems that it's a formatting issue on my part.
------------------------------
Nick B
------------------------------