
Antonio_Alejandro
Jun 28, 2022

New Blog Post | Microsoft Sentinel Automation Tips & Tricks – Part 1: Automation rules

Microsoft Sentinel Automation Tips & Tricks – Part 1: Automation rules - Microsoft Tech Community


In addition to being a Security Information and Event Management (SIEM) system, Microsoft Sentinel is a Security Orchestration, Automation, and Response (SOAR) platform. One of its primary purposes is to automate any recurring and predictable enrichment, response, and remediation tasks that are the responsibility of your Security Operations Center and personnel (SOC/SecOps). With this, we can free up time and resources for more in-depth investigation and hunting for advanced threats. Automation takes a few different forms in Microsoft Sentinel, from automation rules that centrally manage the automation of incident handling and response, to playbooks that run predetermined sequences of actions to provide robust and flexible advanced automation for your threat response tasks.


This blog is part of a multi-part series:

Part 1: Automation rules – this blog

Part 2: Playbooks – coming soon

Part 3: Dynamic content and expressions – coming soon

Part 4: Send email notification options – coming soon
