No Playbooks available when creating an Automation Rule.


I am wanting to create an automation rule to trigger a logic app to send me a Slack notification whenever a specific alert comes through. My logic app has an Azure Sentinel trigger and I can see it if I am looking at all of my playbooks in the Automations tab in Sentinel. However, when I create an automation rule and select the "run a playbook" action, it says that no playbooks are available. Is this a bug or am I doing something wrong?

1 Reply

@twessel For Azure Sentinel automation, the playbooks have to be using the Azure Sentinel Incident trigger (rather than the alert trigger). The good news is that the Incident trigger gives you all the alert information as well.
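
One way to check exported playbook definitions against the point made in the reply above. This is an added example, not part of the thread or of any Microsoft tooling. The trigger paths `/incident-creation` and `/subscribe` are assumed from published Sentinel playbook templates, and the playbook names and sample export are constructed.

```python
# Assumed trigger paths, as seen in published Sentinel playbook templates.
INCIDENT_PATH = "/incident-creation"   # Azure Sentinel Incident trigger
ALERT_PATH = "/subscribe"              # Azure Sentinel Alert trigger


def classify_playbook(workflow: dict) -> str:
    """Classify a Logic App workflow as 'incident', 'alert' or 'other'."""
    # Accept either a full ARM resource or just its 'properties' object.
    props = workflow.get("properties", workflow)
    triggers = props.get("definition", {}).get("triggers", {})
    paths = {
        t.get("inputs", {}).get("path")
        for t in triggers.values()
        if t.get("type") == "ApiConnectionWebhook"
    }
    if INCIDENT_PATH in paths:
        return "incident"
    if ALERT_PATH in paths:
        return "alert"
    return "other"


def selectable_in_automation_rules(workflows: list) -> list:
    """Names of playbooks that use the incident trigger, which the reply
    says automation rules require."""
    return [w["name"] for w in workflows if classify_playbook(w) == "incident"]


def _wf(name: str, trigger: dict) -> dict:
    """Build a minimal workflow resource around one trigger (sample data only)."""
    return {"name": name, "properties": {"definition": {"triggers": {"t": trigger}}}}


# Constructed sample export: names and layout are illustrative only.
SAMPLE = [
    _wf("Slack-Notify-Alert",
        {"type": "ApiConnectionWebhook", "inputs": {"path": ALERT_PATH}}),
    _wf("Slack-Notify-Incident",
        {"type": "ApiConnectionWebhook", "inputs": {"path": INCIDENT_PATH}}),
    _wf("Nightly-Report",
        {"type": "Recurrence", "recurrence": {"frequency": "Day", "interval": 1}}),
]

if __name__ == "__main__":
    for wf in SAMPLE:
        print(f"{wf['name']:24} {classify_playbook(wf)}")
    print("selectable:", selectable_in_automation_rules(SAMPLE))
```

A playbook reported as `alert` matches the situation in the question: it shows up in the playbook list but uses the alert trigger rather than the incident trigger.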