Forum Discussion
Cristian Calinescu
Nov 05, 2019, Brass Contributor
Adding playbooks to Microsoft Security out-of-the-box alert rule templates
Hi all, I am trying to find a way to attach a playbook to the default Microsoft Security alert rules in Azure Sentinel. I am referring to the rules that automatically create Azure Sentinel incidents...
GunarsL
Nov 05, 2019, Copper Contributor
Cristian Calinescu You will need to create a playbook where the trigger is an alert in whatever Azure security tool you want to monitor alerts in, like Azure Security Center or Advanced Threat Protection. Then you can trigger playbooks when such alerts are created. For example:
- Cristian Calinescu, Nov 06, 2019, Brass Contributor
GunarsL - Thanks for the reply. This works indeed, but only for WDATP and Azure Security Center alerts. There is no trigger connector for Azure ATP, Microsoft Cloud App Security or O365 ATP alerts. Any further advice?
- Cristian Calinescu, Nov 11, 2019, Brass Contributor
Does anyone have any other ideas with regard to this?