Forum Discussion
ReccoB
Aug 20, 2020
Copper Contributor
How to generate Sentinel incidents to test playbooks?
Is there a tool or way to generate specific incidents in Sentinel so that we can test playbooks? Right now I am having to actually attempt to brute force a resource to generate an incident, is th...
Rod_Trent
Microsoft
Aug 21, 2020
ReccoB You could also try this one:
https://secureinfra.blog/2020/08/13/azure-sentinel-analytics-rule-to-keep-track-of-cloud-shell/
All you have to do is initiate a Cloud Shell instance and an Incident will be created with the entities you need for investigations, automation, etc.
- GBushey
  Apr 24, 2023
  Former Employee
  Another option is to use the "datatable" command in a dummy analytic rule that will generate exactly what you need to test in your playbook, and then switch to your real analytic rule when your testing is complete.
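An added example of the datatable approach described above (not GBushey's own rule): the query below fabricates two brute-force-style rows inline so a throwaway scheduled analytics rule fires with predictable values. The column names, the sample accounts and the RFC 5737 documentation IP addresses are all assumptions chosen so the rule's entity mapping can expose Account, IP and Host entities to the playbook.

```kql
// Constructed test data: each row represents one simulated burst of
// failed sign-ins. Nothing here is read from a real table, so the rule
// produces the same incident every time it runs.
let TestEvents = datatable(
    AccountName: string,
    UPNSuffix: string,
    SourceIP: string,
    HostName: string,
    FailureCount: int
)[
    "testuser",   "contoso.com", "203.0.113.10", "TESTHOST01", 25,
    "svc-backup", "contoso.com", "198.51.100.7", "TESTHOST02", 40
];
TestEvents
// Threshold mirrors what a real brute-force rule would check, so the
// playbook sees a realistic alert shape rather than an arbitrary row.
| where FailureCount > 20
// Stamp the row into the current run window; a literal past timestamp
// can be dropped by the rule's lookback period.
| extend TimeGenerated = now()
| extend AlertTitle = strcat("TEST ONLY brute-force simulation: ",
                             AccountName, "@", UPNSuffix, " from ", SourceIP)
| project TimeGenerated, AccountName, UPNSuffix, SourceIP, HostName,
          FailureCount, AlertTitle
```

In the rule's entity mapping, map Account to AccountName/UPNSuffix, IP to SourceIP and Host to HostName, then attach the playbook under test and disable or delete the rule once the playbook behaves as expected, otherwise it keeps opening incidents on every run.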
- JBUB_Accelerynt
  Apr 20, 2023
  Brass Contributor
  This link is bad now.
- Rod_Trent
  Apr 20, 2023
  Microsoft
  Which one?
  Here's the Analytics Rule: https://github.com/rod-trent/SentinelKQL/blob/master/AR-CloudShellExecution.txt
  Sending emails: https://azurecloudai.blog/2020/09/23/sentinel-email-notification-logic-app/