Jun 25 2020 09:18 AM - edited Jun 25 2020 09:19 AM
Hi all,
Has anyone managed to create a playbook which will alert or take action on alerts which occur from any of the rules "Create incidents based on (Microsoft Stack Technology e.g. MDATP, MCAS, AATP etc.)" within Azure Sentinel, without needing another analytics rule?
I've managed to alert on the incidents from the technologies using my own analytics rule pulling the events from the incidents table. Within this analytics rule I've attached a playbook which will then alert on these rules.
Would be interesting to see how other people have overcome this issue.
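An added illustration of the workaround described in the post above (this is example code, not the poster's own rule): a scheduled analytics rule query over the SecurityIncident table that selects incidents created by the built-in Microsoft-product connectors, so that the playbook attached to this rule only fires for those. SecurityIncident, SecurityAlert and the columns used are the standard Sentinel schema; the product-name strings in the `products` list are assumptions and should be checked against the ProductName values actually present in your workspace (`SecurityAlert | summarize count() by ProviderName, ProductName`).

```kql
// Assumed product names - verify against your own SecurityAlert data
let products = dynamic(["Microsoft Defender Advanced Threat Protection",
                        "Microsoft Cloud App Security",
                        "Azure Advanced Threat Protection"]);
SecurityIncident
| where TimeGenerated > ago(1h)                          // align with the rule's lookback period
| where Status == "New"                                  // freshly created incidents only
| summarize arg_max(TimeGenerated, *) by IncidentNumber  // keep the latest revision of each incident
| mv-expand AlertIds                                     // one row per alert in the incident
| extend AlertId = tostring(AlertIds)
| join kind=inner (
    SecurityAlert
    | where TimeGenerated > ago(1d)
    | project SystemAlertId, ProductName, ProviderName, AlertName, AlertSeverity
  ) on $left.AlertId == $right.SystemAlertId
| where ProductName in (products)                        // only the Microsoft-stack connectors
| project TimeGenerated, IncidentNumber, Title, Severity, ProductName, AlertName, IncidentUrl
```

Because this is itself a scheduled analytics rule, it produces a second incident for each matching source incident, which is the extra-rule limitation the question is asking to avoid; the `IncidentUrl` and `IncidentNumber` columns are projected so the playbook can reference the original incident rather than the new one.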
Jun 26 2020 05:44 AM
Solution: @arran1580 This is coming soon. If you are interested, I would sign up for the Azure Sentinel private previews.