Base Module - Trigger from Incident ARM Id

briandelmsft / STAT-Function

Azure Function for the Microsoft Sentinel Triage AssistanT (STAT)

https://aka.ms/mstat

MIT License

9 stars 1 forks source link

Base Module - Trigger from Incident ARM Id #79

Open briandelmsft opened 5 months ago

briandelmsft commented 5 months ago

For CfS plugin, execute base module using only Sentinel incident arm id as input

piaudonn commented 5 months ago

Could we have the copilot module do this conversion? The copilot module to construct the regular input for the base module? Then no modif to the base module, everything is made before?

briandelmsft commented 5 months ago

@piaudonn I really don't know. Let's assume we can do it that way. Do you think it would be a waste of SCU for something we can easily do in the function?