Forum Discussion
Trigger playbooks without creating an alert using analytic rules
I want to trigger a playbook without creating neither an incident nor an alert using an analytic rule. I know there is an option to disable incident creation in the analytic rule but there is no option to disable alert creation.
Thanks in Advance.
1 Reply
vraj95soni this is not possible as a playbook is just an Azure Logic App that uses either the MS Sentinel Alert or Incident trigger so it needs either an alert or an incident to kick it off.
I would suggest looking at using just a regular Logic App. Can you say what you are trying to do?
As far as an analytic rule not creating an alert or an incident, I would have to ask why you would even have the rule? Maybe a Threat Hunting query would work better for you as they don't create either an alert or an incident (although they cannot kick off playbooks either)
