Use the "Add task" action in a playbook from the Microsoft Sentinel connector to automatically add tasks to the incident that triggered the playbook. Both Standard and Consumption workflows are supported. Tip: incident tasks can be created not only automatically through playbooks and automation rules, but also manually, on an ad hoc basis, from within an incident. For more information, see Use tasks to manage incidents in Microsoft Sentinel.
A playbook is a collection of procedures that can be run from Microsoft Sentinel in response to an entire incident, an individual alert, or a specific entity. Playbooks help automate and orchestrate your response, and can be attached to automation rules so that they run automatically when specific alerts are generated or when incidents are created or updated. Playbooks can also be run manually on demand against a specific incident, alert, or entity. This article describes how to create and manage Microsoft Sentinel playbooks.
Article 05/22/2024, 1 contributor
Playbooks are a list of actions that will be performed on the incident. They can include enrichment, response, remediation, and much more. To achieve this, Microsoft Sentinel utilizes a Microsoft Azure solution called Logic Apps -- a platform used to create and run automated workflows. This platf...
Automation rules can also automate responses for multiple analytics rules at once, control the order of actions that are executed, and run playbooks for those cases where more complex automation tasks are necessary. In short, automation rules streamline the use of automation in Microsoft Sentinel, ...
In Microsoft Sentinel, you can utilize the Tasks functionality for this purpose. Tasks can be added to an incident manually after it is created, or automatically on incident creation through automation rules and/or playbooks. We're happy to announce that the Microsoft Sentinel Tasks feature is now...
On the Microsoft Sentinel | Incidents page, select an incident that has been created based on the deletion of the virtual machine. In the details pane, select Actions and Run playbook (Preview). On the Run playbook on incident page, in the Playbooks tab, you should see the Closi...
Name | Required | Type | Description
| | AutomationRuleRunPlaybookAction[] | The actions to execute when the automation rule is triggered.
properties.displayName | True | string | The display name of the automation rule.
properties.order | True | integer | The order of execution of the automation rule.
properties.triggeringLogic | True | AutomationRule...
Creating an incident is also available as a Logic Apps action in the Microsoft Sentinel connector, and therefore in Microsoft Sentinel playbooks. You can find the Create incident (preview) action in the playbook schema for the incident trigger. ...