Microsoft Sentinel – Getting started with Automation Rules and Playbooks to help automate threat response

Microsoft Sentinel’s automation rules give you the ability to develop and organize rules that can be used in a variety of scenarios, allowing you to manage automation from a central location. A playbook is a compilation of various corrective actions that may be routinely executed from Microsoft Sentinel.

When triggered by specific alerts or incidents, as determined by an analytics rule or an automation rule, a playbook can help automate and orchestrate your threat response. It can be used manually or set to run automatically in response to specific alerts or incidents.

Take a look at this video on getting started with Automation Rules & Playbooks

Regards

Sathish Veerapandian

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: