Create Playbook from Microsoft Security Rule Type

Occasional Contributor

Can you create a playbook off of alerts generated by alerts that are of the Microsoft Security Rule Type? In this case I am wanting to create a playbook off of alerts in Sentinel generated by Azure AD Identity Protection. When I go and edit the settings for other analytic rules there is a column for attaching a playbook but I noticed when I go into analytics created by Microsoft Security I cannot. Im assuming that I could take the query that the Identity protection connector is running and create a custom analytic and then attach a playbook to that but I was just seeing if there was an easier way to do this first.

1 Reply

@twessel That's not currently available. You can only assign automated responses to Scheduled Rules.