Forum Discussion
ReccoB
Aug 20, 2020, Copper Contributor
How to generate Sentinel incidents to test playbooks?
Is there a tool or way to generate specific incidents in Sentinel so that we can test playbooks? Right now I am having to actually attempt to brute force a resource to generate an incident, is th...
Rod_Trent Microsoft
Aug 21, 2020
ReccoB You could also try this one:
https://secureinfra.blog/2020/08/13/azure-sentinel-analytics-rule-to-keep-track-of-cloud-shell/
All you have to do is initiate a Cloud Shell instance and an Incident will be created with the entities you need for investigations, automation, etc.
JBUB_Accelerynt
Apr 20, 2023, Brass Contributor
This link is bad now.
- Rod_Trent (Microsoft), Apr 20, 2023: Which one?
 Here's the Analytics Rule: https://github.com/rod-trent/SentinelKQL/blob/master/AR-CloudShellExecution.txt
 Sending emails: https://azurecloudai.blog/2020/09/23/sentinel-email-notification-logic-app/