Forum Discussion
Playbook (Logic App) - trigger - When Azure Sentinel incident creation rule was triggered
PrashTechTalk: I am not aware that the private preview does not work. That said, the feature will be supported as part of a larger motion to enhance Sentinel automation, called automation rules, which is entering private preview as we speak.
- SocInABox, Oct 13, 2021, Iron Contributor
Hi everyone,
Do these logic apps/playbooks still need to be attached to every single analytics rule?
I'd like to create a 'global' playbook to add contextual information to every incident.
e.g. apply MITRE SHIELD information to every incident's comment section.
I'm not eager to go to all 300 analytic rules and assign a playbook.
- GaryBushey, Oct 13, 2021, Bronze Contributor
SocInABox If you are using the Incident trigger in a playbook, you can use the Automation rules feature of Azure Sentinel to have that playbook automatically run for any incident that gets created.
https://docs.microsoft.com/en-us/azure/sentinel/automate-incident-handling-with-automation-rules
- SocInABox, Oct 13, 2021, Iron Contributor
Thanks Gary, but I'm not sure you're saying a 'global' playbook is possible?
You're saying I still have to assign my playbook to each individual analytic rule's automation, but it will be auto-triggered if an incident is fired for that rule. Or are you saying there's a 'global' feature I don't understand?
- PrashTechTalk, Jan 11, 2021, Brass Contributor
Ofer_Shezaf - The playbook is not listed in the automated response section of the analytics rule (when in edit). The tenant is registered for private preview, but sadly none of the playbooks using the new trigger are displayed in the automated response list.