Skip to main content

Hi

We have recently ‘pointed’ our Microsoft 365 security alert emails to Freshservice so that any critical alerts raised by 365 get logged in Freshservice and via workflow automation get assigned to the appropriate team etc. The emails come from office365alerts@microsoft.com so we have setup a generic Microsoft requester with that email address. This works fine.

What would be ideal however is if we can actually assign the ticket to the actual requester in Freshservice that’s involved in the alert. In the Description of the ticket is the following example:

 

An informational alert has been triggered

⚠️ User requested to release a quarantined message

Severity: ● Informational

Time: 12/12/2022 10:00:00 AM (UTC)

Activity: QuarantineRequestReleaseMessage

User: firstname.surname@company.co.uk

 

This user corresponds to the requester in Freshservice. Is there any clever way I can assign the ticket to the requester that corresponds with the above in the description?

Thanks

We do something where we want a ‘requested for’ to replace the requestor and have the original requestor added as a CC’d user. We use a ‘web request’ node to fire off the following endpoint.
https://"yourFSdomain]/api/v2/tickets/{{ticket.id_numeric}}/api/v2/tickets/{{ticket.id_numeric}}

 

with the following body:

{
  "ticket": {
    "email": {{variableWithEmail}}
  }
}

 

You would need to use an expression node to get the email by itself into a variable.

 

Something similar to this may work for you. Let me know if you need more specific help.


Thanks for this. How can i use an expression to get the email address from the description? 


Hi @mythumbsclick,

 

There is another thread with the same ask as you so you could check if that solution helps - 

 


Got this working nicely now. Thanks for your pointers!


(I marked my answer as the best answer accidentally - How can i change best answer to the below reply?)

We do something where we want a ‘requested for’ to replace the requestor and have the original requestor added as a CC’d user. We use a ‘web request’ node to fire off the following endpoint.
https://>yourFSdomain]/api/v2/tickets/{{ticket.id_numeric}}/api/v2/tickets/{{ticket.id_numeric}}

 

with the following body:

{
  "ticket": {
    "email": {{variableWithEmail}}
  }
}

 

You would need to use an expression node to get the email by itself into a variable.

 

Something similar to this may work for you. Let me know if you need more specific help.

 


Got this working nicely now. Thanks for your pointers!

I don’t suppose you’d be able to share the process that you’ve used for this, as I’m looking to do the same.  I have Office 365 sending the alerts into Freshservice, but struggling for the syntax and workflows to use to generate tickets that contain the requestor from the alert content.


Reply