Forum Discussion
Solved
Run Playbook Action Blank Automation
Hey All, When I select action the then Run Playbook, see screenshot, it get no available items, anyone else had this?
- What is the first step? I think you are using a Playbook which should be triggered by an alert, instead of an incidents.
Incident based Playbooks needs to be configured through automation rules
Alert based Playbooks through the Analytics Rule configuration (in the automation tab)
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook#respond-to-alerts
Sure the attached is from the github playbook that we use to run an IP check against anonymous IP Alerts Thijs Lecomte
What is the first step? I think you are using a Playbook which should be triggered by an alert, instead of an incidents.
Incident based Playbooks needs to be configured through automation rules
Alert based Playbooks through the Analytics Rule configuration (in the automation tab)
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook#respond-to-alerts
Incident based Playbooks needs to be configured through automation rules
Alert based Playbooks through the Analytics Rule configuration (in the automation tab)
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook#respond-to-alerts
- Yep that's solved it, made a test rule and change the triggering to Azure Sentinel Incident (Preview) thanks so much 🙂