Jul 05 2022 02:36 PM
A playbook in Microsoft Sentinel is a collection of actions that can be run as a routine. It can be run manually or set to run automatically in response to specific alerts or incidents. Previously, playbooks designated to run in response to alerts could be automatically invoked only by an analytics rule. Now, you can use automation rules to centrally manage and run your alert-trigger playbooks in addition to your incident-trigger playbooks.