One of the things about Microsoft Sentinel that makes it a great product to build community around is how easy it is to create cool things and then share them. A lot of this capability is due to the query language (KQL) and how easy it is to use and learn.
KQL powers Workbooks, Hunting queries, Analytics Rules, etc., etc. But one area, the Playbooks, isn’t powered by KQL. Playbooks are based on Azure Logic Apps, and the logic and connections contained in a Playbook workflow
Unlike Workbooks, where you can simply copy and paste the JSON code, you can’t quickly deploy a Microsoft Sentinel Playbook due to the litany of tenant-specific information and Logic App connector dependencies contained in the code.
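To make that concrete, here is an added example (not code from this post or from Microsoft) that walks a playbook's JSON and lists the values that bind it to one tenant. It assumes the export keeps connector bindings as ARM resource IDs under `parameters.$connections`; the sample playbook, its IDs and the function names are constructed for illustration.

```python
import re

# ARM resource IDs carry the subscription GUID and, usually, a resource group.
ARM_ID = re.compile(r"/subscriptions/([0-9a-f-]{36})(?:/resourceGroups/([^/]+))?", re.I)
MANAGED_API = re.compile(r"/managedApis/([^/]+)", re.I)

# Constructed sample shaped like an exported playbook; every ID is made up.
SUB = "00000000-0000-0000-0000-000000000001"
SAMPLE_PLAYBOOK = {
    "definition": {"triggers": {"Microsoft_Sentinel_incident": {
        "type": "ApiConnectionWebhook",
        "inputs": {"host": {"connection": {
            "name": "@parameters('$connections')['azuresentinel']['connectionId']"}},
            "path": "/incident-creation"}}}},
    "parameters": {"$connections": {"value": {"azuresentinel": {
        "connectionId": f"/subscriptions/{SUB}/resourceGroups/rg-soc"
                        "/providers/Microsoft.Web/connections/azuresentinel",
        "connectionName": "azuresentinel",
        "id": f"/subscriptions/{SUB}/providers/Microsoft.Web"
              "/locations/eastus/managedApis/azuresentinel"}}}},
}

def walk(node, path=""):
    """Yield (json_path, value) for every string anywhere in the document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}/{index}")
    elif isinstance(node, str):
        yield path, node

def find_tenant_bindings(playbook):
    """Collect the subscriptions, resource groups and connectors a playbook is tied to."""
    subs, groups, connectors, paths = set(), set(), set(), []
    for path, value in walk(playbook):
        arm = ARM_ID.search(value)
        if arm:
            paths.append(path)          # where the hard-coded ID lives
            subs.add(arm.group(1).lower())
            if arm.group(2):
                groups.add(arm.group(2))
        connectors.update(MANAGED_API.findall(value))
    return {"subscriptions": sorted(subs), "resource_groups": sorted(groups),
            "connectors": sorted(connectors), "paths": paths}

if __name__ == "__main__":
    for key, found in find_tenant_bindings(SAMPLE_PLAYBOOK).items():
        print(f"{key}: {found}")
```

Every path it reports is a value that has to be parameterized or replaced before the playbook can be deployed in another tenant.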