Base Module - Trigger from Incident ARM Id

briandelmsft / STAT-Function

Azure Function for the Microsoft Sentinel Triage AssistanT (STAT)

https://aka.ms/mstat

MIT License

8 stars 1 forks source link

Base Module - Trigger from Incident ARM Id #79

Open briandelmsft opened 3 weeks ago

briandelmsft commented 3 weeks ago

For CfS plugin, execute base module using only Sentinel incident arm id as input

piaudonn commented 3 weeks ago

Could we have the copilot module do this conversion? The copilot module to construct the regular input for the base module? Then no modif to the base module, everything is made before?

briandelmsft commented 3 weeks ago

@piaudonn I really don't know. Let's assume we can do it that way. Do you think it would be a waste of SCU for something we can easily do in the function?