Forum Discussion
Playbooks not triggering automatically when an alert is generated
Pranesh1060: any news about the Sentinel trigger (preview) "When Azure Sentinel incident creation rule was triggered"? How to use it?
I tried to set the analytic rules (incident-based) with the Playbook using the new trigger but I got the error "Playbook XXXXXXX doesn't start with 'When_a_response_to_an_Azure_Sentinel_alert_is_triggered' step!"
TIA
Davide
DavideB So I ran into this at one point; I added a "delay" of one minute to my workflow so the Alert will be successfully created and written into Sentinel when it's sent out. This fixed that problem, so whenever a Sentinel Analytics rule would fire and I had the Workbook hooked in through a Sentinel Analytics Rule to a "When a response to an Azure Sentinel alert is triggered" it would work.
Now I'm experimenting with the "private preview" for when an "Incident" is created, as we want to forward not just Sentinel rules, but all alerts from all products. My confusion is how do I link the Incident Creation trigger to the rules that are "Create an Incident from MCAS Alert"-style Analytics rules?