Aug 20 2020
03:05 PM
- last edited on
Dec 23 2021
04:49 AM
by
TechCommunityAP
Is there a tool or way to generate specific incidents in Sentinel so that we can test playbooks?
Right now I am having to actually attempt to brute force a resource to generate an incident; is there not an easier way?
Aug 21 2020 04:27 AM
@ReccoB You can use the script found here https://gallery.technet.microsoft.com/PowerShell-script-to-0823e09d with some modifications to upload some dummy data into a custom log, create an analytics rule that looks for that information, and then assign a Playbook to that rule.
Keep in mind that this can only write to a custom log, hence the need for a new analytics rule (or change an existing one to look at the custom log).
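The approach in the reply above, written out as an added example (this is not the gallery script, and it is not Microsoft's code): a constructed dummy record is posted to a Log Analytics custom log through the HTTP Data Collector API, so that an analytics rule matching the marker field can raise a test incident. The workspace ID and key are placeholders, and the table name `PlaybookTest_CL`, the field `TestMarker` and the sample values are all constructed for this example.

```powershell
# Added example: push one synthetic record into a custom log so an analytics
# rule can match it and open a test incident for playbook validation.
$WorkspaceId = "<WORKSPACE_ID>"            # placeholder: Log Analytics workspace ID
$SharedKey   = "<WORKSPACE_PRIMARY_KEY>"   # placeholder: workspace primary key
$LogType     = "PlaybookTest"              # records land in the table PlaybookTest_CL
$TimeField   = "TimeGenerated"             # field the API should use as the record time

# Constructed record; the marker is what the analytics rule will look for
$Record = @(
    @{
        TimeGenerated = (Get-Date).ToUniversalTime().ToString("o")
        TestMarker    = "SENTINEL_PLAYBOOK_TEST"
        SourceIP      = "203.0.113.10"            # documentation range, constructed
        Account       = "test.user@example.com"   # constructed
    }
)
$Body = $Record | ConvertTo-Json -Depth 3
# Windows PowerShell unwraps a single-element array; the API requires a JSON array
if ($Body -notmatch '^\s*\[') { $Body = "[$Body]" }
$BodyBytes = [Text.Encoding]::UTF8.GetBytes($Body)

# SharedKey authorization: HMAC-SHA256 over method, content length, content type,
# x-ms-date header and resource path, keyed with the base64-decoded workspace key
$Rfc1123Date  = [DateTime]::UtcNow.ToString("r")
$StringToSign = "POST`n$($BodyBytes.Length)`napplication/json`nx-ms-date:$Rfc1123Date`n/api/logs"
$Hmac         = New-Object System.Security.Cryptography.HMACSHA256
$Hmac.Key     = [Convert]::FromBase64String($SharedKey)
$Signature    = [Convert]::ToBase64String(
    $Hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($StringToSign)))
$Authorization = "SharedKey ${WorkspaceId}:${Signature}"

$Uri     = "https://$WorkspaceId.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
$Headers = @{
    "Authorization"        = $Authorization
    "Log-Type"             = $LogType
    "x-ms-date"            = $Rfc1123Date
    "time-generated-field" = $TimeField
}
$Response = Invoke-WebRequest -Uri $Uri -Method Post -ContentType "application/json" `
    -Headers $Headers -Body $Body -UseBasicParsing
if ($Response.StatusCode -ne 200) {
    throw "Data Collector API rejected the record: HTTP $($Response.StatusCode)"
}
```

Custom-log string fields receive a type suffix, so the scheduled analytics rule that pairs with this record is `PlaybookTest_CL | where TestMarker_s == "SENTINEL_PLAYBOOK_TEST"`; ingestion usually takes a few minutes before the rule can fire.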
Aug 21 2020 04:58 AM
@ReccoB You could also try this one:
https://secureinfra.blog/2020/08/13/azure-sentinel-analytics-rule-to-keep-track-of-cloud-shell/
All you have to do is initiate a Cloud Shell instance and an Incident will be created with the entities you need for investigations, automation, etc.
Jun 23 2021 03:40 AM
@Singanna Just remember there are two types of playbooks (the incident-based ones came out after that article was written) and, as of right now, only those that use the Alert trigger can be triggered manually, but those cannot be added to Automation rules.
The playbooks that use the incident trigger cannot be triggered manually but can be added to Automation rules.