Browse Guides

Loading list...
X
Supplier Import - CSV/XLS/Spreadsheet Method
Generating Agreement References
Introduction to Halo Guides
Ticket/Action Import - CSV/XLS/Spreadsheet Method
Client, Sites & Users Import - CSV/XLS/Spreadsheet Method
Pre-Pay V2
Deferring Project Revenue
Contents of Knowledge Base Guides
Iru Integration (Kandji)
Remote Support
Coralogix Integration
Start to Finish: Self-Service Portal
Grouping Tickets by Ticket Type in a Column Profile
Specifying Decimal Format in PDFs
Using Dollar Variables in Actions
Process Street Integration
SQL Imports - Licences and Subscriptions
HTML for 'Today's Date'
Runbook: Append a Recurring Invoice from Sales Order lines
Automated New Starter Requests into Microsoft Entra
Group Invoice Lines by Product Group
Managing a Recurring Invoice's Lines Quantity, Price and Cost for Subscriptions
Parent and Child Projects from Sales Orders
Project Task Creation Rules Based on a Multi-Select Field
Custom SQL Query for Licence/Subscription Count on Recurring Invoice Lines
Example Pay As You Go Client
Example Pre-Pay Client
Example All You Can Eat Agreement Client
Example Combination Client
Performing Ticket Approvals via API
Automated Tickets - Next Call Date
Linking one Appointment to a Ticket to Link all Appointments in the Same Series
Using QR Codes on PDF Templates
Annotating Images in Actions
Azure Actions
Custom Table Examples
Worked Example - Receiving & Delivering Stock with Assets Created at The Point of Consignment
How to change the colour of 'How can we help you today?' on the Portal
Ticket Category Defaults and Overrides
IronPDF Errors
3CX Integration
Email General Settings
Billing Templates
Asset Fields
Pax8 Integration
Agents
Importing Data
Asset Statuses
Asset Relationships
Syncing Exchange Calendars using the Microsoft Graph API
Using your Knowledge Base
Customer Types
CSV Templates
PDF Templates
Accounts Codes
Asset Types
Expenses
Actions
Google Mail Setup (Setting up Google Application)
Datto RMM Integration
Ticket Area Breakdown
Sites
Tax Rates
Using Category Group as Ticket Rule Criteria
Users
User Roles
Purchase Orders
Charge Types
Quotations General Settings
Approval Processes
TeamViewer Integration
Email Rules
A Step-by-Step Guide to Make a Bulk Change in the Halo Database Through the API Using JSON in Postman
Okta Integration
Open AI Integration
Active Directory Integration (LDAP)
Departments and Teams
Adding a Mailbox Without The Use of Azure or Google
Create Knowledge Base Articles using files/documents
GitHub Integration
Mail Processing FAQs
Populating Invoice Lines from $-Variables
Menu Buttons
PDF Templates
Notification Templates
Drag and Drop Tickets Onto a Calendar to Create Appointments
Email Threading
Agents
Holiday Management
ManageEngine Endpoint Central Integration
Canned Text
Chat Profiles
Organisational Chart
How To Bulk Update Tickets, Drag and Drop Tickets Into Different Queues, An Explanation of Ticket Symbols
Sales Mailboxes
Access Restrictions on Suppliers
Document Management
Automating Procurement
Custom Tables
Suppliers
An Introduction to Halo
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Using and Configuring Halo
Using and Configuring Halo
Integrations
Integrations
Configuration Settings Guides
Configuration Settings Guides
On-Premises Guides
On-Premises Guides
About Halo
About Halo
Azure Sentinel Webhooks
Reading mode
Copy Link
Link Copied!
Print
Feedback
This guide has multiple versions available:
<style>p { margin: 0; }span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left:0; padding-left:5px;}blockquote blockquote{ border-color: #00bcd4; color: #00bcd4;}blockquote blockquote blockquote{ border-color: #43a047; color: #43a047;} table.grid{ border-collapse: collapse;} table.grid td, table.grid th { border: 1px solid #ddd;} .fr-fic.fr-dib{ display: block; margin: 5px auto;}.fr-fic.fr-dib.fr-fir{ text-align: right; margin: 5px 0 5px auto;}.fr-fic.fr-dib.fr-fil{ text-align: left; margin: 5px auto 5px 0;}.fr-fic.fr-dii{ float: none; margin: 5px auto;}.fr-fic.fr-dii.fr-fil{ float: left; margin: 5px auto;}.fr-fic.fr-dii.fr-fir{ float: right; margin: 5px auto;}img.fr-dib.fr-fir { margin-right: 0; text-align: right;}img.fr-dib.fr-fil { margin-left: 0; text-align: left;}img.fr-dib { margin: 5px auto; display: block; float: none;}img.fr-bordered { box-sizing: content-box; border: solid 5px #CCC;}img.fr-shadow { box-shadow: 10px 10px 5px 0px #cccccc;}img.fr-rounded { border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box;}</style><p id="isPasted"><strong><em>This guide only covers the setup of the webhooks required. <strong data-pasted="true"><em>You will need to configure Azure Sentinel before you can use your webhooks.&nbsp;</em></strong>For comprehensive setup of the integration (including webhooks) checkout: <a href="https://usehalo.com/haloitsm/guides/1258/" target="_blank" rel="noopener noreferrer"><strong>Azure Sentinel Integration</strong></a>.</em></strong></p><p><br></p><p><strong>In this guide we will cover:</strong></p><p><strong>- Creating a Logic App in Microsoft Azure</strong></p><p><strong>- Sentinel Automation Rules</strong></p><p><strong>- Troubleshooting your Webhook</strong></p><p><br></p><p>This guide explains how to set up webhooks in Azure Sentinel to create tickets in your Halo instance. You will need to be able to create Logic apps and Sentinel Automations.</p><p><br></p><p><strong><span style="font-size: 14pt;">Creating a Logic App in Microsoft Azure</span></strong></p><p>Select the Multi-tenant Consumption hosting option.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijk0YzExNmNiLTM0NDEtNDQ0ZS04NjgyLWM3YjliYTMxYjkyZiJ9.giAAgCK4-jKoyuLBtg0VRHhj2DTLvxwwrQxZm0sSFIE" width="703" style="width: 705px; height: 227.197px;" height="227" class="fr-fic fr-dii"></p><p><strong><span style="font-size: 10pt;">Fig 1. Creating a new logic app.</span></strong></p><p><br></p><p>Fill out the Project and Instance details.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImZmNGEzOGRkLWRjZmQtNGNiNi05NjMzLTZiMWU1MDQ5YThjNyJ9.q--Ah6y3BbU3sjYH3qCtnx5cWiGeFj0zRmja5REn68c" width="630" style="width: 632px; height: 550.779px;" height="551" class="fr-fic fr-dii"></p><p><strong><span style="font-size: 10pt;">Fig 2. Filling out details.</span></strong></p><p><br></p><p>Once your Logic app has been deployed, go to the Logic app designer section under the Development Tools tab.</p><p><br></p><p>Add a trigger and select the &ldquo;Microsoft Sentinel incident&rdquo; option.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjUwZWEzZGMyLTkwNDctNDU3Mi1iODU0LWRiYTA4YmVmYmFiZiJ9.AF4DvBIQhoMXvqr9vofeAxueMucgD8qAWC_255uzIQE" width="644" style="width: 646px; height: 314.325px;" height="314" class="fr-fic fr-dii"></p><p><br></p><p>Add a new step after the Sentinel trigger and search for &ldquo;HTTP&rdquo;:</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImQxYTZkMzBiLWUwY2MtNDM1NC04YWU3LTE4ZjFkZjI4NWE1YiJ9.ctowE2FG0DeuBWbZyGOc5bQEZLsZB1p6XubRCseLnu0" width="683" style="width: 685px; height: 264.77px;" height="265" class="fr-fic fr-dii"></p><p><strong><span style="font-size: 10pt;">Fig 3. Adding a trigger.</span></strong></p><p><br></p><p>Fill out the HTTP action as follows:</p><p><br></p><p><strong>URI</strong>: {Your Halo URL}/api/Notify/AzureSentinel</p><p><br></p><p><strong>Method</strong>: POST</p><p><br></p><p><strong>Headers</strong>: Key = Authorization, Value = {&ldquo;username:password&rdquo; bas64 encoded}&rdquo;.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImY0YzU5MjgxLWNhYjctNGE0Mi1iZTE3LWI3NDgyM2U3Njc1OSJ9.Llh0DbJCnAGsdzq44lHcWbSrV3PE3z5dfiDldXZed_g" width="556" style="width: 558px; height: 466.05px;" height="466" class="fr-fic fr-dii"></p><p><strong><span style="font-size: 10pt;">Fig 4. Parameters.</span></strong></p><p><br></p><p>For the body, press the lightning icon to add objects from the previous step, choosing the body of the Sentinel trigger:</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijk4NDQwOTBkLWM1N2YtNDk2Ny1iYzllLTlhNmE1NWZiZGYzOSJ9.n-ljCDW85MTHw_2RiDngy-UE1OdqjIzycXZc8GDQh7c" width="522" style="width: 524px; height: 124.762px;" height="125" class="fr-fic fr-dii"></p><p><strong><span style="font-size: 10pt;">Fig 5. Body.</span></strong></p><p><br></p><p>Save the Logic app.</p><p><br></p><p><strong><span style="font-size: 14pt;">Sentinel Automation Rules</span></strong></p><p>Navigate to the Microsoft Sentinel resource and select the &ldquo;Automations&rdquo; section under the &ldquo;Configuration&rdquo; group.</p><p><br></p><p>Create a new Automation rule for each of the following triggers:</p><p><br></p><ul><li>When incident is created</li><li>When incident is updated</li></ul><p><br></p><p>Add an action to &ldquo;Run playbook&rdquo; and choose the playbook that was made previously.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijc2MjkxZjg2LTRjZTktNGJjYi1hMDAwLWU1MDRiODUzMTg4MSJ9.EFBAnoT1IWCHE8Lt6YA1TBl9iSQ9ZtHgUTvZE5dMpd4" width="535" style="width: 537px; height: 371.769px;" height="372" class="fr-fic fr-dii"></p><p><strong><span style="font-size: 10pt;">Fig 6. Creating an automation rule.</span></strong></p><p><br></p><p>Save the automation rules.</p><p><br></p><p>Now whenever a Sentinel Incident is created or updated, the playbook will send a request to the Halo API and create/update a ticket in Halo.</p><p><br></p><p><strong><span style="font-size: 14pt;">Troubleshooting your Webhook</span></strong></p><p data-pasted="true">To identify errors with your Webhook you can try running the below report:</p><p><br></p><p style="margin-left: 20px;">SELECT top <span style="color: rgb(43, 155, 98);">100</span> * FROM integrationrequest</p><p style="margin-left: 20px;">WHERE IRMSiD = <span style="color: rgb(43, 155, 98);">275</span></p><p style="margin-left: 20px;">ORDER BY irid DESC</p><p>&nbsp;</p><p>This will show a record of your webhook. Since Microsoft requires a response to the API call faster than the authorisation can take place you will see the 200 &quot;OK&quot; response before the webhook arrives with the relevant details.</p>
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Platform
Platform Capabilities >
Use Cases
View all Use Cases >
Resources
Halo
Subscribe to Halo for latest news

By submitting, you are agreeing to our privacy policy.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Follow
© 2026 Halo Service Solutions. All Rights Reserved.
Terms & ConditionsPrivacy PolicySecurityTrust CentreGDPRAccessibilityModern Slavery StatementService Status