Sentinel Playbook: Lock suspicious User Account

Copper Contributor

Hello toghether, 

I hope somebody had the same Use case. 
In Sentinel I like to run an Playbook which lock an User in the Azure (Cloud) and on Prem (AD), after an Analytic rule has triggerd / found suspicious activity. 


Best regards 

2 Replies