Forum Discussion
mjamati
Jan 14, 2021 Copper Contributor
Unable to add playbook to automated incident response for Azure Sentinel
I created a playbook using an Azure Sentinel Incident creation trigger, which shows up as in preview. I can test everything from the playbook itself: it's able to generate an email and/or slack m...
Hcrossley
Copper Contributor
mjamati Bumping this.
I am also unable to add playbooks to a Fusion Rule. I am able to see some playbooks within the "run playbook - action" but not all, including the one I wish to use. I also can't see any difference in the playbooks I can and can't see. They are in the same resource group etc.
GaryBushey
Sep 30, 2021 Bronze Contributor
Hcrossley I am able to see the "Advanced Multistage Attack Detection" fusion rule when I look at the listing of all the rules. (Ignore the blank entries in the list; that is another issue.)
- Hcrossley Sep 30, 2021 Copper Contributor
GaryBushey So my issue is when you select "run a playbook", it then only shows certain logic apps that can be run and not others. But I am unsure why it doesn't show them.
- GaryBushey Sep 30, 2021 Bronze Contributor
My guess would be that the ones you see use the Azure Sentinel Incident trigger and the others do not. Only those playbooks that use the Azure Sentinel Incident trigger can be used with Automation, so those are the only ones that will be shown in the listing.