cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Create Incidents Based on (Microsoft Technology Connectors) Playbook issues

%3CLINGO-SUB%20id%3D%22lingo-sub-1489646%22%20slang%3D%22en-US%22%3EMicrosoft%20Stack%20Playbook%20Issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1489646%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHas%20anyone%20managed%20to%20create%20a%20playbook%20which%20will%20alert%20or%20take%20action%20on%20alerts%20which%20occur%20from%20any%20of%20the%20rules%20%22Create%20incidents%20based%20on%20(Microsoft%20Stack%20Technology%20e.g.%20MDATP%2C%20MCAS%2C%20AATP%20etc.)%22%20within%20Azure%20Sentinel%2C%20Without%20needing%20another%20analytics%20rule%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20managed%20to%20alert%20on%20the%20incidents%20from%20the%20technologies%20using%20my%20own%20analytics%20rule%20pulling%20the%20events%20from%20the%20incidents%20table.%20Within%20this%20analytics%20rule%20I've%20attached%20a%20playbook%20which%20will%20then%20alert%20on%20these%20rules.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWould%20be%20interesting%20to%20see%20how%20other%20people%20have%20overcome%20this%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1489646%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAlerting%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Sentinel%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPlaybook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1491939%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20Incidents%20Based%20on%20(Microsoft%20Technology%20Connectors)%20Playbook%20issues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1491939%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F553664%22%20target%3D%22_blank%22%3E%40arran1580%3C%2FA%3E%26nbsp%3BThis%20is%20coming%20soon.%26nbsp%3B%20If%20you%20are%20interested%2C%20I%20would%20sign%20up%20for%20the%20Azure%20Sentinel%20private%20previews%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
arran1580
Occasional Contributor

‎Jun 25 2020 09:18 AM - edited ‎Jun 25 2020 09:19 AM

‎Jun 25 2020 09:18 AM - edited ‎Jun 25 2020 09:19 AM

Create Incidents Based on (Microsoft Technology Connectors) Playbook issues

Hi all,

 

Has anyone managed to create a playbook which will alert or take action on alerts which occur from any of the rules "Create incidents based on (Microsoft Stack Technology e.g. MDATP, MCAS, AATP etc.)" within Azure Sentinel, Without needing another analytics rule?

 

I've managed to alert on the incidents from the technologies using my own analytics rule pulling the events from the incidents table. Within this analytics rule I've attached a playbook which will then alert on these rules.

 

Would be interesting to see how other people have overcome this issue.

Labels:
251 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by arran1580 (Occasional Contributor)
Gary Bushey

‎Jun 26 2020 05:44 AM

‎Jun 26 2020 05:44 AM

Solution

Re: Create Incidents Based on (Microsoft Technology Connectors) Playbook issues

@arran1580 This is coming soon.  If you are interested, I would sign up for the Azure Sentinel private previews 

0 Likes
Reply