Jun 03 2020 08:03 AM
Can someone explain to me the difference between playbooks and logic apps? It seems to me that every playbook is a logic app but not every logic app is really a playbook.
To my mind a playbook should be the automated response that kicks off when an event occurs like an incident being created so the playbook view should only show logic apps with specific triggers. The cross pollination of names and functionality here is confusing - though par for the course in Microsoft products in general.
I've just tried to use the new "When Azure Sentinel incident creation rule was triggered" trigger that's just entered preview but I cannot seem to add it to the automated response for my analytics rules even though it's listed in my playbooks.
Anybody had any luck with this actually working?
Jun 03 2020 08:57 AM
@endakelly A Playbook is a Logic App that is kicked-off using an Azure Sentinel trigger.
Without the Azure Sentinel trigger its just a Logic App.
Jun 03 2020 11:08 AM