Forum Discussion
ReccoB
Aug 20, 2020
Copper Contributor
How to generate Sentinel incidents to test playbooks?
Is there a tool or way to generate specific incidents in Sentinel so that we can test playbooks? Right now I am having to actually attempt to brute force a resource to generate an incident, is th...
Rod_Trent
Microsoft
Aug 21, 2020
@ReccoB You could also try this one:
https://secureinfra.blog/2020/08/13/azure-sentinel-analytics-rule-to-keep-track-of-cloud-shell/
All you have to do is initiate a Cloud Shell instance and an Incident will be created with the entities you need for investigations, automation, etc.
GBushey
Apr 24, 2023
Former Employee
Another option is to use the "datatable" command in a dummy analytic rule that will generate exactly what you need to test in your playbook and then switch to your real analytic rule when your testing is complete.
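A sketch of the "datatable" approach described in the last reply, as an added example that is not part of the original thread: a scheduled analytics rule query that returns constructed rows, so an incident is raised without touching a real resource. The column names and all values are hypothetical; the entity mappings (for example Account to UserPrincipalName, IP to SourceIP, Host to HostName) are assumed to be set in the rule's own settings, not in the query.

```kql
// Dummy analytics rule query for playbook testing.
// Every row below is constructed test data, not real telemetry.
datatable(UserPrincipalName:string, SourceIP:string, HostName:string, FailedAttempts:int)
[
    "test.user@contoso.example",  "203.0.113.10", "test-vm-01", 25,
    "test.admin@contoso.example", "198.51.100.7", "test-vm-02", 40,
    "quiet.user@contoso.example", "192.0.2.44",   "test-vm-03", 2
]
// Stamp the rows with the current time so they look like fresh events.
| extend TimeGenerated = now()
// Mimic the threshold logic of the real rule so the playbook sees the same shape of alert.
| where FailedAttempts > 20
| project TimeGenerated, UserPrincipalName, SourceIP, HostName, FailedAttempts
```

The third row stays under the threshold, so only the first two rows produce results; change the literal values to exercise other branches of the playbook.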