Azure Sentinel Playbook Use Cases

Senior Member

Good morning all!

Currently working on building some security playbooks within Azure Sentinel. We currently do not have any compute resources at the moment, mostly focused on monitoring sign-in logs, custom data connectors, and Defender for O365 logs/alerts.

Are there any use cases others have built playbooks around that focus on these three fields? Also, has anyone had luck feeding Trellix logs/alerts into Sentinel?

Any input would be insightful, thank you all in advance!

0 Replies
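As an added illustration (not part of the original post, and not Microsoft or Sentinel code), here is one common sign-in-log use case that a playbook is typically built around: a burst of failed sign-ins for an account followed shortly by a success, which is the trigger condition for an automated response such as notifying the SOC or forcing a password reset. In Sentinel the trigger would normally be an analytics rule written in KQL over the `SigninLogs` table; the Python below reproduces the same correlation logic over constructed sample records so the threshold behaviour can be seen offline. The field names (`TimeGenerated`, `UserPrincipalName`, `IPAddress`, `ResultType`) mirror the SigninLogs columns, `ResultType` `"0"` is treated as success and any other value as failure, and the function name, thresholds and sample values are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (made-up values; column names follow the
# Azure AD SigninLogs table). ResultType "0" = success, "50126" = bad
# username/password.
SAMPLE_SIGNINS = [
    # alice: five failures in five minutes, then a success from the same IP
    {"TimeGenerated": "2024-03-01T08:00:00Z", "UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.10", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T08:01:00Z", "UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.10", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T08:02:00Z", "UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.11", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T08:03:00Z", "UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.10", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T08:04:00Z", "UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.10", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T08:05:00Z", "UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.10", "ResultType": "0"},
    # bob: two typos then a success, which is normal user behaviour
    {"TimeGenerated": "2024-03-01T09:00:00Z", "UserPrincipalName": "bob@contoso.example", "IPAddress": "198.51.100.5", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T09:01:00Z", "UserPrincipalName": "bob@contoso.example", "IPAddress": "198.51.100.5", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T09:02:00Z", "UserPrincipalName": "bob@contoso.example", "IPAddress": "198.51.100.5", "ResultType": "0"},
    # carol: six failures and no success, so nothing for this rule to fire on
    {"TimeGenerated": "2024-03-01T10:00:00Z", "UserPrincipalName": "carol@contoso.example", "IPAddress": "203.0.113.20", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T10:01:00Z", "UserPrincipalName": "carol@contoso.example", "IPAddress": "203.0.113.20", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T10:02:00Z", "UserPrincipalName": "carol@contoso.example", "IPAddress": "203.0.113.20", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T10:03:00Z", "UserPrincipalName": "carol@contoso.example", "IPAddress": "203.0.113.20", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T10:04:00Z", "UserPrincipalName": "carol@contoso.example", "IPAddress": "203.0.113.20", "ResultType": "50126"},
    {"TimeGenerated": "2024-03-01T10:05:00Z", "UserPrincipalName": "carol@contoso.example", "IPAddress": "203.0.113.20", "ResultType": "50126"},
    # dave: a clean sign-in
    {"TimeGenerated": "2024-03-01T11:00:00Z", "UserPrincipalName": "dave@contoso.example", "IPAddress": "198.51.100.9", "ResultType": "0"},
]


def parse_time(value):
    """Parse the ISO-8601 UTC timestamp format used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_failures_then_success(records, window_minutes=10, min_failures=5):
    """Return one alert per successful sign-in that was preceded, within
    window_minutes, by at least min_failures failed sign-ins for the same
    account. Each alert carries the fields a playbook would need to act on
    (account, source IP of the success, how many failures and from where)."""
    by_user = defaultdict(list)
    for record in records:
        by_user[record["UserPrincipalName"]].append((parse_time(record["TimeGenerated"]), record))

    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda event: event[0])  # correlate in time order
        for index, (timestamp, record) in enumerate(events):
            if record["ResultType"] != "0":
                continue  # only a success closes the pattern
            window_start = timestamp - timedelta(minutes=window_minutes)
            # Failures for this account that fall inside the look-back window
            failures = [
                event for event in events[:index]
                if event[0] >= window_start and event[1]["ResultType"] != "0"
            ]
            if len(failures) >= min_failures:
                alerts.append({
                    "UserPrincipalName": user,
                    "SuccessTime": record["TimeGenerated"],
                    "SuccessIP": record["IPAddress"],
                    "FailureCount": len(failures),
                    "DistinctFailureIPs": sorted({event[1]["IPAddress"] for event in failures}),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_failures_then_success(SAMPLE_SIGNINS):
        print(alert)
```

With the defaults only the alice pattern fires; lowering `min_failures` to 2 would also flag bob, which is the usual tuning trade-off between catching credential-guessing and paging on ordinary typos. Carol's failures without a success are a separate use case (ongoing guessing against an account) and would be handled by a different rule and playbook.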