Microsoft Sentinel Automation Tips & Tricks – Part 2: Playbooks - Microsoft Tech Community
This blog is part of a multi-part series:
Part 1: Automation rules
Part 2: Playbooks – this blog
Part 3: Dynamic content and expressions – coming soon
Part 4: Send email notification options – coming soon
A playbook is a collection of response and remediation actions and logic that can be run from Microsoft Sentinel as a routine. A playbook can help automate and orchestrate your threat response, integrate with other internal and external systems, and be set to run automatically in response to specific alerts or incidents triggered by an analytics rule or an automation rule. It can also be run manually, on demand, from the incidents page in response to alerts.