Forum Discussion
New Blog Post | Microsoft Sentinel Automation Tips & Tricks – Part 1: Automation rules (Microsoft Tech Community)
In addition to being a Security Information and Event Management (SIEM) system, Microsoft Sentinel is a Security Orchestration, Automation, and Response (SOAR) platform. One of its primary purposes is to automate the recurring, predictable enrichment, response, and remediation tasks that fall to your Security Operations Center and its personnel (SOC/SecOps). This frees up time and resources for more in-depth investigation and for hunting advanced threats. Automation takes a few different forms in Microsoft Sentinel, ranging from automation rules, which centrally manage the automation of incident handling and response, to playbooks, which run predetermined sequences of actions to provide robust and flexible advanced automation for your threat response tasks.
This blog is part of a multi-part series:
Part 1: Automation rules – this blog
Part 2: Playbooks – coming soon
Part 3: Dynamic content and expressions – coming soon
Part 4: Send email notification options – coming soon