We recently started using security center, and we're trying to figure out the Workflow automation. I followed instructions (https://docs.microsoft.com/en-us/azure/security-center/workflow-automation) and it looks good, and is triggering.
and the logic app is pretty much default, and fires off an email when it is triggered.
So it seems to work, but it fires off quite a lot!
Has anyone used this workflow and a production environment where it doesn't flood a mailbox, or perhaps I'm missing a step. We're still pretty new with Azure Security Center and Workflows/logic apps.