Forum Discussion
Entity playbook in XDR
Hello All! In my Logic Apps Sentinel automations I often use the entity trigger to run some workflows. Some time ago there was information, that Sentinel will be moved to the Microsoft XDR, some of ...
This is one of the things most MSPs are complaining about, there is nothing regarding entity playbooks execution in the roadmap, so chances are this functionality will not be part of the migration.
That being said, consider refactoring your master playbooks.
We are leveraging azure durable functions to automate enrichment and also entity level blocking if required whenever certain thresholds are met so that we can remove manual executions.
Also, defender XDR portal has many entity level operations
- revoke tokens
- mark user as compromised
- block account
- block IP, URL, FileHash
- some more