Has anyone managed to create a playbook which will alert or take action on alerts that occur from any of the rules "Create incidents based on (Microsoft Stack Technology e.g. MDATP, MCAS, AATP etc.)" within Azure Sentinel, without needing another analytics rule?
I've managed to alert on the incidents from these technologies using my own analytics rule, pulling the events from the incidents table. Within this analytics rule I've attached a playbook which then alerts on these rules.
It would be interesting to see how other people have overcome this issue.
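The workaround described in the post, as an added example that is not part of the original post: a scheduled analytics rule query over the Sentinel `SecurityIncident` table that selects only incidents produced by the Microsoft security product connectors, so a single playbook can be attached to this rule rather than to each "Create incidents based on ..." rule. It assumes the `SecurityIncident` table with its `AdditionalData.alertProductNames` field and `IncidentUrl` column is populated in the workspace, and the product names listed are assumed examples to adjust to what the workspace actually reports.

```kql
// Added example (not the original poster's query). Run as a scheduled
// analytics rule; set the rule's frequency and lookback to match ago(5m).
SecurityIncident
| where TimeGenerated > ago(5m)            // assumed: rule runs every 5 minutes
| where Status == "New"                    // only freshly created incidents
// alertProductNames lists the products whose alerts make up the incident
| extend Products = tostring(AdditionalData.alertProductNames)
// assumed product names; check your own SecurityIncident rows for exact values
| where Products has_any ("Microsoft Defender Advanced Threat Protection",
                          "Microsoft Cloud App Security",
                          "Azure Advanced Threat Protection")
// an incident is logged once per state change; keep the latest row only
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| project TimeGenerated, IncidentNumber, Title, Severity, Products, IncidentUrl
```

Because this rule fires on incidents rather than raw alerts, it creates a second incident for each match; set the rule's incident settings to group or suppress if that duplication is not wanted, and keep the lookback equal to the frequency so an incident is not picked up twice.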