Currently we are doing demos upon demos, POC upon POC of OMS. Everybody seems keen to get into it!

One of the functions of OMS Log Search is Alerts.

These alerts can be set up to trigger a runbook in Automation when they fire.

Here is a simple template to use for getting the content of the data sent from OMS:

param([object]$WebhookData)

# Get Webhook Data (the alert payload is the JSON string in RequestBody)
$RequestBody = ConvertFrom-Json $WebhookData.RequestBody

# Searching Webhook Data for Value Results
$SearchResults = $RequestBody.SearchResults
$SearchResultsValue = $SearchResults.value
foreach ($item in $SearchResultsValue)
{
    # One search result row; TargetUserName is a field name from the search
    $UserName = $item.TargetUserName
}

That's it!
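
The template assumes the runbook was started by the alert and that every result row carries a usable TargetUserName. As an added example (not part of the original post), the function below checks both before the values are handed to anything else; the function name, the allow-list pattern and the sample payload are assumptions made for illustration.

```powershell
# Added example, not from the original post. Get-AlertUserName, the allow-list
# pattern and the sample payload are hypothetical and chosen for illustration.
function Get-AlertUserName {
    param([object]$WebhookData)

    # A runbook started by hand (not by the alert) has no webhook data.
    if ($null -eq $WebhookData -or [string]::IsNullOrWhiteSpace($WebhookData.RequestBody)) {
        throw 'No webhook data: this runbook must be started by the alert webhook.'
    }

    # The body arrives from outside the runbook; fail closed if it is not JSON.
    try {
        $body = ConvertFrom-Json -InputObject $WebhookData.RequestBody -ErrorAction Stop
    }
    catch {
        throw "RequestBody is not valid JSON: $($_.Exception.Message)"
    }

    $names = foreach ($item in $body.SearchResults.value) {
        $name = [string]$item.TargetUserName
        # Assumed allow-list: account-name characters only, at most 64 long.
        # Log field values are shaped by whoever generated the event, so they
        # are validated before being used in later commands.
        if ($name -match '^[A-Za-z0-9._$-]{1,64}$') { $name }
        else { Write-Warning "Skipping unexpected TargetUserName value: '$name'" }
    }

    # Return each account once, even if the search matched it several times.
    @($names | Sort-Object -Unique)
}

# Constructed sample in the shape the template reads (SearchResults.value).
$sample = [pscustomobject]@{
    WebhookName = 'oms-alert-sample'
    RequestBody = @'
{"SearchResults":{"value":[
  {"TargetUserName":"alice"},
  {"TargetUserName":"alice"},
  {"TargetUserName":"svc-backup$"},
  {"TargetUserName":"not a name; extra text"},
  {"Computer":"host01"}
]}}
'@
}

Get-AlertUserName -WebhookData $sample
```

Rows with a missing or unexpected TargetUserName are reported on the warning stream and left out of the returned list.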