Sentinel Playbook: Lock suspicious User Account

Copper Contributor

Hello toghether, 


I hope somebody had the same Use case. 
In Sentinel I like to run an Playbook which lock an User in the Azure (Cloud) and on Prem (AD), after an Analytic rule has triggerd / found suspicious activity. 

 

Best regards 
Kevin

2 Replies