How to generate Sentinel incidents to test playbooks?

Is there a tool or way to generate specific incidents in Sentinel so that we can test playbooks?


Right now I am having to actually attempt to brute force a resource to generate an incident. Is there not an easier way?

2 Replies

@ReccoB You can use the script found here with some modifications to upload some dummy data into a custom log, create an analytics rule that looks for that information, and then assign a Playbook to that rule.


Keep in mind that this can only write to a custom log, hence the need for a new analytics rule (or change an existing one to look at the custom log).
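One way to upload dummy data into a custom log as the reply above describes, shown as an added example and not the script that reply links to. It assumes the Log Analytics HTTP Data Collector API; the table name `PlaybookTest`, the workspace ID, the key and the record fields are constructed placeholders.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone
from email.utils import format_datetime
from urllib import request

API_PATH = "/api/logs"
CONTENT_TYPE = "application/json"

def build_signature(workspace_id, shared_key_b64, rfc1123_date, content_length):
    """Return the SharedKey Authorization header value for one POST."""
    string_to_sign = (f"POST\n{content_length}\n{CONTENT_TYPE}\n"
                      f"x-ms-date:{rfc1123_date}\n{API_PATH}")
    key = base64.b64decode(shared_key_b64)  # workspace key is base64 text
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(mac).decode('ascii')}"

def build_request(workspace_id, shared_key_b64, log_type, records, now=None):
    """Build (but do not send) the signed request that writes `records`."""
    body = json.dumps(records).encode("utf-8")
    date = format_datetime(now or datetime.now(timezone.utc), usegmt=True)
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"{API_PATH}?api-version=2016-04-01")
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Authorization": build_signature(workspace_id, shared_key_b64, date, len(body)),
        "Log-Type": log_type,   # becomes the table <log_type>_CL
        "x-ms-date": date,      # must match the date that was signed
    }
    return request.Request(url, data=body, headers=headers, method="POST")

# Constructed placeholders and sample data; replace with your workspace values.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"not-a-real-workspace-key").decode("ascii")
SAMPLE_RECORDS = [{"TestCase": "playbook-bruteforce", "Account": "test.user@example.com",
                   "SourceIP": "203.0.113.10", "FailedLogons": 25}]

if __name__ == "__main__":
    req = build_request(WORKSPACE_ID, SHARED_KEY, "PlaybookTest", SAMPLE_RECORDS)
    print(req.full_url)
    for name, value in req.header_items():
        print(f"{name}: {value}")
    # To actually upload: request.urlopen(req) should return HTTP 200.
```

With this payload the new analytics rule would query `PlaybookTest_CL`, where the fields arrive with type suffixes such as `SourceIP_s` and `FailedLogons_d`.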

@ReccoB You could also try this one:


All you have to do is initiate a Cloud Shell instance and an Incident will be created with the entities you need for investigations, automation, etc.