Recently I've been connecting up all my different home lab services to Discord as a central notification hub using the easy Webhook integrations provided when you create a new server. I wanted to start connecting my Sentinel lab alerts to this Discord, and so I created a logic app to do this.
First, you'll need to create a Discord server and create an integration. You can find out [how to do that here](https://www.svix.com/resources/guides/how-to-make-webhook-discord/).
Shoutout to this article for the inspiration and from which I derived most of the format.
The logic app is simple and creates a nice looking notification message. It has the following features:

* Dynamic colouring based on incident severity
* Links to the incident
* Links to your Sentinel workspace
Things I'd like to add later on:

* Dynamically change the link to the workspace based on the alert provider (e.g. link to Defender if the alert came from Defender)
* Parse entities nicely and add them to the description of the notification
* Shorten the URL to the Sentinel incident
* Account for incidents with multiple alerts so it doesn't send multiple notifications for the same incident
Breaking down the Logic App
You can safely skip the 'Base Module' from MSTAT; I just add it in out of habit, and it's not currently used in this logic app.
First we set some variables:
Then I convert the timezone to Brisbane:
Set our Variables (not pictured is the P4 step):
And send the POST to our Discord webhook:
You can find the HTTP POST request on GitHub.
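As an added example (not the Logic App definition from this post or its GitHub repo), here is the same notification built in Python: the severity-to-colour lookup, the Brisbane timezone conversion, and the JSON body the HTTP action POSTs to the webhook. The colour values, the placeholder URLs and the sample incident are my assumptions, with field names chosen to mirror the Sentinel incident trigger's `properties`.

```python
"""Build and send the Discord embed the Logic App posts for a Sentinel incident."""
import json
import urllib.request
from datetime import datetime, timedelta, timezone

# Assumed severity -> embed colour mapping; Discord wants a decimal integer.
SEVERITY_COLOURS = {
    "High": 0xE74C3C,           # red
    "Medium": 0xE67E22,         # orange
    "Low": 0xF1C40F,            # yellow
    "Informational": 0x3498DB,  # blue
}
DEFAULT_COLOUR = 0x95A5A6       # grey for any severity we don't recognise

# Brisbane is UTC+10 all year (no DST), so a fixed offset is exact.
BRISBANE = timezone(timedelta(hours=10), "AEST")

# Constructed sample incident; keys mirror the Sentinel incident trigger output.
SAMPLE_INCIDENT = {
    "properties": {
        "incidentNumber": 42,
        "title": "Suspicious sign-in from unfamiliar location",
        "severity": "High",
        "createdTimeUtc": "2024-03-01T23:15:00Z",
        "incidentUrl": "https://portal.azure.com/#INCIDENT-URL-PLACEHOLDER",
    }
}
WORKSPACE_URL = "https://portal.azure.com/#WORKSPACE-URL-PLACEHOLDER"


def to_brisbane(utc_iso: str) -> str:
    """Convert Sentinel's UTC timestamp (trailing 'Z') to Brisbane local time."""
    dt = datetime.fromisoformat(utc_iso.replace("Z", "+00:00"))
    return dt.astimezone(BRISBANE).strftime("%Y-%m-%d %H:%M:%S %Z")


def build_payload(incident: dict, workspace_url: str) -> dict:
    """Return the Discord webhook body: one embed, coloured by severity."""
    p = incident["properties"]
    severity = p.get("severity", "Unknown")
    embed = {
        "title": f"Incident #{p['incidentNumber']}: {p['title']}",
        "url": p["incidentUrl"],  # title becomes a link to the incident
        "color": SEVERITY_COLOURS.get(severity, DEFAULT_COLOUR),
        "fields": [
            {"name": "Severity", "value": severity, "inline": True},
            {"name": "Created (Brisbane)", "value": to_brisbane(p["createdTimeUtc"]), "inline": True},
            {"name": "Workspace", "value": f"[Open Sentinel]({workspace_url})", "inline": False},
        ],
    }
    return {"username": "Sentinel", "embeds": [embed]}


def post_to_discord(webhook_url: str, payload: dict) -> int:
    """POST the payload as JSON; returns the HTTP status (Discord answers 204)."""
    body = json.dumps(payload).encode()
    req = urllib.request.Request(webhook_url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status
```

Treat the webhook URL as a secret: anyone holding it can post into the channel, so keep it in the Logic App's secure parameters rather than in the definition itself.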