Forum Discussion
SocInABox
Oct 13, 2021, Iron Contributor
auto assessment playbook with "tag indicators"
Has anyone here done any work on the idea of a playbook to perform triage on Sentinel incidents? E.g. if the incident contains a username entity, run these KQL queries and create tags depending on t...
Pawel_Giza
Oct 13, 2021, Copper Contributor
I did something similar: incident enrichment to check the reputation of the IP address, check the IP safe watchlist, check whether the device is hybrid Azure AD joined, the user agent during sign-in, and the cloud app. I put all the information into a comment.
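The triage logic both posts describe (look at the incident's entities, run enrichment checks, turn the results into tags and a comment) can be sketched outside a Logic App. The following is an added example written for this page, not code from either poster: it assumes entities arrive in the shape Sentinel's incident-entities API returns (a `kind` plus a `properties` dictionary with names such as `accountName`, `address`, `hostName` and `appName`), and the watchlist, IP reputation feed, device inventory, sign-in row and escalation rule are all constructed stand-ins. In a real playbook those would come from a Sentinel watchlist, a threat-intel connector, Azure AD device data and the SigninLogs table, and the tags and comment would be written back through the Sentinel incident connector.

```python
"""Hypothetical incident-triage helper (added example, not from the thread).

Entities are assumed to follow the shape Sentinel's incident-entities API
returns ("kind" plus a "properties" dict). The watchlist, reputation feed,
device inventory, sign-in row and escalation rule are constructed stand-ins.
"""
import ipaddress
from typing import Dict, List, Optional

# Constructed stand-in for an "IP safe list" Sentinel watchlist.
SAFE_IP_WATCHLIST = {"203.0.113.10", "203.0.113.11"}
# Constructed stand-in for a threat-intel reputation feed.
IP_REPUTATION = {"198.51.100.7": "malicious", "192.0.2.44": "suspicious"}
# Constructed stand-in for Azure AD device records: hostname -> hybrid-joined?
DEVICE_INVENTORY = {"WS-1042": True, "UNKNOWN-PC": False}
# Constructed: user-agent markers that suggest a scripted, non-browser sign-in.
SCRIPTED_UA_MARKERS = ("python-requests", "curl/", "BAV2ROPC", "PowerShell")
# RFC 1918 ranges only; ipaddress.is_private would also flag documentation nets.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ip_reputation(ip: str) -> str:
    """Watchlist wins over the feed: an allowlisted IP is never tagged malicious."""
    if ip in SAFE_IP_WATCHLIST:
        return "allowlisted"
    return IP_REPUTATION.get(ip, "unknown")


def is_rfc1918(ip: str) -> bool:
    """True for RFC 1918 addresses; malformed input is treated as not internal."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def triage(entities: List[Dict], signin: Optional[Dict] = None) -> Dict:
    """Derive triage tags, an analyst comment and an escalate flag from entities."""
    tags = set()
    notes: List[str] = []
    for ent in entities:
        kind = ent.get("kind")
        props = ent.get("properties", {})
        if kind == "Account":
            name = props.get("accountName", "?")
            suffix = props.get("upnSuffix")
            tags.add("entity:account")
            notes.append(f"account {name}@{suffix}" if suffix else f"account {name}")
        elif kind == "Ip":
            ip = props.get("address", "")
            rep = ip_reputation(ip)
            tags.add(f"ip:{rep}")
            if is_rfc1918(ip):
                tags.add("ip:internal")
            notes.append(f"ip {ip} reputation={rep}")
        elif kind == "Host":
            host = props.get("hostName", "")
            joined = DEVICE_INVENTORY.get(host)  # None = device not in inventory
            if joined is None:
                tags.add("device:unknown")
            else:
                tags.add("device:hybrid-joined" if joined else "device:not-hybrid-joined")
            notes.append(f"host {host} hybrid_joined={joined}")
        elif kind == "CloudApplication":
            app = props.get("appName", "unknown").lower().replace(" ", "-")
            tags.add(f"app:{app}")
            notes.append(f"app {app}")
    if signin:
        ua = signin.get("UserAgent", "")
        scripted = any(m.lower() in ua.lower() for m in SCRIPTED_UA_MARKERS)
        tags.add("ua:scripted" if scripted else "ua:browser")
        notes.append(f"user-agent {ua!r}")
    # Constructed escalation rule: a malicious source, or a scripted sign-in
    # from a device we do not manage, goes straight to a human.
    escalate = "ip:malicious" in tags or (
        "ua:scripted" in tags and "device:hybrid-joined" not in tags
    )
    tags.add("triage:escalate" if escalate else "triage:auto-reviewed")
    comment = "Auto-triage: " + "; ".join(notes) + ". Tags: " + ", ".join(sorted(tags))
    return {"tags": sorted(tags), "comment": comment, "escalate": escalate}


# Constructed sample incident: one account, one external IP, one host, one app,
# plus the matching SigninLogs row.
SAMPLE_ENTITIES = [
    {"kind": "Account", "properties": {"accountName": "jdoe", "upnSuffix": "example.com"}},
    {"kind": "Ip", "properties": {"address": "198.51.100.7"}},
    {"kind": "Host", "properties": {"hostName": "UNKNOWN-PC"}},
    {"kind": "CloudApplication", "properties": {"appName": "Office 365 Exchange Online"}},
]
SAMPLE_SIGNIN = {"UserAgent": "python-requests/2.28.0", "AppDisplayName": "Office 365 Exchange Online"}

if __name__ == "__main__":
    print(triage(SAMPLE_ENTITIES, SAMPLE_SIGNIN)["comment"])
```

The point of returning a tag set rather than just a comment is that tags are queryable: an analyst can filter the incident queue on `ip:malicious` or `device:not-hybrid-joined`, which a free-text comment does not allow. The watchlist check is applied before the reputation feed so that a known-good egress address never gets a malicious tag from a stale feed entry.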
SocInABox
Oct 13, 2021, Iron Contributor
Excellent suggestions, thanks Pawel!