Forum Discussion
superjay
Apr 23, 2021 · Copper Contributor
Run Playbook Action Blank Automation
Hey all, when I select the action then Run Playbook (see screenshot), it gets no available items. Anyone else had this?
- Apr 23, 2021
What is the first step? I think you are using a Playbook which should be triggered by an alert, instead of an incident.
Incident-based Playbooks need to be configured through automation rules.
Alert-based Playbooks through the Analytics Rule configuration (in the automation tab).
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook#respond-to-alerts
Thijs Lecomte
Apr 23, 2021 · Bronze Contributor
Do you have any Playbooks configured with the Incident trigger? Do you have Logic App Contributor permission on the Logic Apps?
- superjay · Apr 23, 2021 · Copper Contributor
Hi,
I do have two of them linked to incidents, the rest are not. The account I'm using has owner-level permissions.
- Thijs Lecomte · Apr 23, 2021 · Bronze Contributor
Could you provide an overview of your Logic App? A screenshot of the top part?
The trigger should be "When Azure Sentinel incident creation rule was triggered".
- superjay · Apr 23, 2021 · Copper Contributor
Sure, the attached is from the GitHub playbook that we use to run an IP check against anonymous IP Alerts. Thijs Lecomte