cklonger (Copper Contributor)
Mar 02, 2021
Automatically create incidents from Microsoft security alerts and send notification
Hello, we have triggered the rule "Automatically create incidents from Microsoft security alerts" and generated incidents successfully. However, we have no idea how to connect these kinds of incidents (from Security Center) with the notification email playbook of other Sentinel rules. We know there is a notification setting in Security Center. Is it possible to set the auto playbook for the incidents from Microsoft security alerts?
3 Replies
- PJR_CDF (Iron Contributor): You can now achieve this with Automation Rules
  https://docs.microsoft.com/en-us/azure/sentinel/automate-incident-handling-with-automation-rules
  Remember to adjust any playbook triggers to "When Azure Sentinel incident creation rule was triggered" to be able to use them in automation rules.
- GaryBushey (Bronze Contributor): Azure Sentinel Automation was announced at Ignite today so that should be showing up soon and that should handle your use case: https://techcommunity.microsoft.com/t5/azure-sentinel/microsoft-ignite-2021-what-s-new-in-azure-sentinel/ba-p/2175225
- GaryBushey (Bronze Contributor): cklonger As of right now, you cannot do it. There is a private preview that, hopefully, will become a public preview soon that will allow this to occur.