Best practices for Sentinel components Deployment


I'm working on configuring Sentinel components such as playbooks, workbooks, hunting, alerting rules, connectors via the Azure DevOps CI/CD pipeline, but when I dig in deep, I am thinking that playbooks, workbooks, connectors need a long-lined specific schema/JSON format to update/add as artifacts.

So in this case I'd like to seek some suggestions on best practices for Azure Sentinel deployment: via the portal UI or by pipelines?
