Jun 25 2020 09:18 AM - last edited on Jan 04 2022 12:08 PM by TechCommunityAP
Hi all,
Has anyone managed to create a playbook which will alert or take action on alerts which occur from any of the rules "Create incidents based on (Microsoft Stack Technology e.g. MDATP, MCAS, AATP etc.)" within Azure Sentinel, without needing another analytics rule?
I've managed to alert on the incidents from the technologies using my own analytics rule pulling the events from the incidents table. Within this analytics rule I've attached a playbook which will then alert on these rules.
Would be interesting to see how other people have overcome this issue.
Jun 26 2020 05:44 AM
Solution: @arran1580 This is coming soon. If you are interested, I would sign up for the Azure Sentinel private previews.