Special thanks to @BenjiSec for creating the Automation Health workbook and @Yechiel_Levin who contributed to this article.
These days, when organizations are looking to do more with fewer resources, automation capabilities are a critical asset. Microsoft Sentinel automation rules and playbooks let customers turn repetitive manual processes into automated flows. They save time and resources and allow security teams to focus on their main goal: protecting the organization from threats and investigating the important incidents that require their attention.
While Microsoft Sentinel automation features rely on the Azure Logic Apps engine, SOC engineers still want to confirm that their automations ran as expected, rather than assume it. Being able to monitor automation rules and playbooks at scale lets teams automate more scenarios while keeping evidence that everything behind the scenes actually happened: the rule matched, the playbook was triggered, and the run finished with the status they expected.
The Automation health workbook (created by @BenjiSec) helps you visualize your health data, as well as the correlation between the two log sources it relies on: the Microsoft Sentinel health table (SentinelHealth) and the Azure Logic Apps diagnostic logs, which land in the AzureDiagnostics table of the same workspace.
Track playbook triggering and run results
Microsoft Sentinel's health monitoring table, SentinelHealth, records whether a playbook was triggered (by an automation rule or manually) and whether that trigger succeeded or failed. It does not record what happened inside the playbook afterwards. To monitor the actions within your playbooks and the final status of each run, you must also turn on Azure Logic Apps diagnostics and send the WorkflowRuntime logs to the same Log Analytics workspace.
Correlate the Azure Logic Apps diagnostic logs with the SentinelHealth records to learn the result status of playbooks triggered by Microsoft Sentinel: a successful trigger in SentinelHealth followed by a failed run in AzureDiagnostics is exactly the case the health table alone cannot show you.
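The following KQL query is an added example of that correlation; it is not a query from the article or from the Automation Health workbook. It assumes the ExtendedProperties bag of playbook records in SentinelHealth carries the keys PlaybookRunId, IncidentArmId and TriggeredByType, and that the Logic Apps diagnostic records use the standard WorkflowRuntime column names in AzureDiagnostics (resource_runId_s, resource_workflowName_s, status_s, error_code_s, error_message_s). Adjust those names if your workspace shows something different.

```kusto
// Added example, not from the original article or the workbook.
// Joins playbook trigger records (SentinelHealth) to Logic Apps run
// results (AzureDiagnostics) on the run ID, keeping every trigger so
// that failed triggers and runs with no completion record stay visible.
// Assumed, not confirmed by the article: the ExtendedProperties keys
// PlaybookRunId, IncidentArmId and TriggeredByType.
let lookback = 7d;
// 1. Sentinel side: every playbook trigger attempt, successful or not.
let triggers = SentinelHealth
    | where TimeGenerated > ago(lookback)
    | where SentinelResourceType == "Playbook"
        and OperationName == "Playbook was triggered"
    | extend PlaybookRunId = tostring(ExtendedProperties.PlaybookRunId),
             IncidentArmId = tostring(ExtendedProperties.IncidentArmId),
             TriggeredBy   = tostring(ExtendedProperties.TriggeredByType)
    | project TriggerTime = TimeGenerated,
              PlaybookName = SentinelResourceName,
              TriggerStatus = Status,
              TriggerReason = Reason,
              PlaybookRunId, IncidentArmId, TriggeredBy;
// 2. Logic Apps side: the terminal record of each workflow run.
//    Requires a diagnostic setting on the (Consumption) logic app that
//    sends the WorkflowRuntime category to this workspace.
let runs = AzureDiagnostics
    | where TimeGenerated > ago(lookback)
    | where Category == "WorkflowRuntime"
        and OperationName == "Microsoft.Logic/workflows/workflowRunCompleted"
    | project PlaybookRunId   = tostring(resource_runId_s),
              WorkflowName    = tostring(resource_workflowName_s),
              RunEndTime      = TimeGenerated,
              RunStatus       = tostring(status_s),
              RunErrorCode    = tostring(error_code_s),
              RunErrorMessage = tostring(error_message_s);
// 3. Left outer join: a trigger with no matching run record is either
//    still running, failed before Logic Apps started the run, or comes
//    from a playbook whose diagnostics are not switched on.
triggers
| join kind=leftouter runs on PlaybookRunId
| extend Outcome = case(
    TriggerStatus != "Success", "Trigger failed",
    isempty(RunStatus),         "No run record (running, or diagnostics off)",
    RunStatus == "Succeeded",   "Succeeded",
    RunStatus)
| project TriggerTime, PlaybookName, TriggeredBy, IncidentArmId,
          TriggerStatus, TriggerReason, RunEndTime, RunStatus,
          RunErrorCode, RunErrorMessage, Outcome
| order by TriggerTime desc
```

The rows worth alerting on are the ones where TriggerStatus is "Success" but Outcome is anything other than "Succeeded": the health table alone would report those playbooks as healthy. A persistent "No run record" outcome for a given PlaybookName usually means the diagnostic setting for that logic app was never created or points at a different workspace.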