Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

New Blog Post | Enhanced Azure Sentinel Alert remediation in the SOC Process Framework

Microsoft

JasonCohen1892_0-1623942902951.png

Enhanced Azure Sentinel Alert remediation in the SOC Process Framework - Microsoft Tech Community

Microsoft’s Azure Sentinel now provides a Timeline view within the Incident where alerts now display remediation steps. The list of alerts that have remediations provided by Microsoft will continue to grow. As you can see in the graphic below, one or more remediation steps are contained in each alert. These remediation steps tell you what to do with the alert or Incident in question. 

 

However, what if you want to have your own steps, or what if you have alerts without any remediation steps?

 

Now available to address this is the Get-SOCActions Playbook found in GitHub (Azure-Sentinel/Playbooks/Get-SOCActions at master · Azure/Azure-Sentinel (github.com)). This playbook uses a .csv file uploaded your Azure Sentinel instance, as a Watchlist containing the steps your organization wants an analyst to take to remediate the Incident they are triaging. More on this in a minute.

0 Replies