Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

No Playbooks available when creating an Automation Rule.

Copper Contributor

I am wanting to create an automation rule to trigger a logic app to send me a slack notification whenever a specific alert comes through. My logic app has an Azure Sentinel trigger and I can see it if I am looking at all of my playbooks in the Automations tab in Sentinel. However when I create an automation rule and select the run a playbook action it says that no playbooks are available. Is this a bug or am I doing something wrong?

1 Reply

@twessel For Azure Sentinel automation, the playbooks have to be using the Azure Sentinel Incident trigger (rather than the alert trigger).  The good news is that the Incident triggers gives you all the alert information as well.