Forum Discussion

Cristian Calinescu's avatar
Cristian Calinescu
Brass Contributor
Nov 05, 2019

Adding playbooks to Microsoft Security out-of-the-box alert rule templates

Hi all, I am trying to find a way to attach a playbook to the default Microsoft Security alert rules in Azure Sentinel. I am referring to the rules that automatically create Azure Sentinel incidents...
pemontto's avatar
pemontto
Brass Contributor
Jul 16, 2020

Hi Ofer_Shezaf this one has been open a while. Are we likely to get functionality where we can run automated responses for all rule types? It really breaks up workflows where they're intended to be managed in other tools (Jira, SNow). Operators now need to be eyes on glass in Sentinel as well.

 

The only workaround we're aware of is to write a scheduled rule (for each severity) that searches the SecurityAlert table :sad:

  • Ofer_Shezaf's avatar
    Ofer_Shezaf
    Icon for Microsoft rankMicrosoft
    Jul 16, 2020

    pemontto : the feature is currently in private preview.

    • Manvie's avatar
      Manvie
      Copper Contributor
      Jan 08, 2021

      Ofer_Shezaf Do you have an update on the progress for this feature ?

      Thanks

      • Ofer_Shezaf's avatar
        Ofer_Shezaf
        Icon for Microsoft rankMicrosoft
        Jan 10, 2021

        Manvie : still in private preview, I hope we are getting closer to going public. We made major changes based on private preview input.

Resources