From the course: Microsoft Security Operations Analyst Associate (SC-200) Cert Prep by Microsoft Press
Configure analytic rules to trigger automation
- [Instructor] Moving into configuring analytic rules to trigger automation. To run the playbook automatically on incident creation, we will need to add it to an automation rule by using the "When an incident is created" trigger and "Run playbook" as the action. As discussed in the first part of this lesson, we create a new automation rule and then select the analytics rule name for which this playbook will run. In our case, the analytics rule is called "test malicious URL", and then we choose our playbook under Actions. You can run it on all active analytics rules, based on a playbook scenario you create. This is how we can run our newly created playbook. Okay. You can also create an automation rule from the Incidents blade directly to respond to a single recurring incident, and this is useful when creating a suppression rule for automatically closing noisy incidents. So you can select an incident from the queue and then…
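The two automation rules the instructor describes (run a playbook when an incident created by the "test malicious URL" analytics rule appears, and a suppression rule that automatically closes a recurring noisy incident) expressed as an ARM template, as an added example that is not part of the course or of Microsoft's own material. The parameter names, the displayName values, the incident-title text "Noisy scheduled scan", and the classification values chosen for the suppression rule are assumptions made for this example; the analytics rule resource ID, the playbook (Logic App) resource ID and its tenant ID must be supplied at deployment time.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspaceName": {
      "type": "string",
      "metadata": { "description": "Log Analytics workspace that hosts Microsoft Sentinel" }
    },
    "analyticsRuleId": {
      "type": "string",
      "metadata": { "description": "Full resource ID of the scheduled analytics rule (the course's 'test malicious URL' rule); value is supplied at deployment, not embedded here" }
    },
    "playbookResourceId": {
      "type": "string",
      "metadata": { "description": "Full resource ID of the Logic App playbook to run (Microsoft.Logic/workflows/...)" }
    },
    "playbookTenantId": {
      "type": "string",
      "metadata": { "description": "Entra tenant ID that owns the playbook" }
    }
  },
  "resources": [
    {
      "type": "Microsoft.SecurityInsights/automationRules",
      "apiVersion": "2023-02-01",
      "scope": "[format('Microsoft.OperationalInsights/workspaces/{0}', parameters('workspaceName'))]",
      "name": "[guid(parameters('workspaceName'), 'run-playbook-on-test-malicious-url')]",
      "properties": {
        "displayName": "Run playbook for 'test malicious URL' incidents (example)",
        "order": 1,
        "triggeringLogic": {
          "isEnabled": true,
          "triggersOn": "Incidents",
          "triggersWhen": "Created",
          "conditions": [
            {
              "conditionType": "Property",
              "conditionProperties": {
                "propertyName": "IncidentRelatedAnalyticRuleIds",
                "operator": "Contains",
                "propertyValues": [ "[parameters('analyticsRuleId')]" ]
              }
            }
          ]
        },
        "actions": [
          {
            "order": 1,
            "actionType": "RunPlaybook",
            "actionConfiguration": {
              "logicAppResourceId": "[parameters('playbookResourceId')]",
              "tenantId": "[parameters('playbookTenantId')]"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.SecurityInsights/automationRules",
      "apiVersion": "2023-02-01",
      "scope": "[format('Microsoft.OperationalInsights/workspaces/{0}', parameters('workspaceName'))]",
      "name": "[guid(parameters('workspaceName'), 'suppress-noisy-scheduled-scan')]",
      "properties": {
        "displayName": "Suppress noisy scheduled-scan incidents (example)",
        "order": 2,
        "triggeringLogic": {
          "isEnabled": true,
          "triggersOn": "Incidents",
          "triggersWhen": "Created",
          "conditions": [
            {
              "conditionType": "Property",
              "conditionProperties": {
                "propertyName": "IncidentTitle",
                "operator": "Contains",
                "propertyValues": [ "Noisy scheduled scan" ]
              }
            }
          ]
        },
        "actions": [
          {
            "order": 1,
            "actionType": "ModifyProperties",
            "actionConfiguration": {
              "status": "Closed",
              "classification": "BenignPositive",
              "classificationReason": "SuspiciousButExpected",
              "classificationComment": "Closed by suppression automation rule: expected scan activity"
            }
          }
        ]
      }
    }
  ]
}
```

Deploy it against the workspace's resource group, for example with `az deployment group create --resource-group <rg> --template-file automation-rules.json --parameters workspaceName=... analyticsRuleId=... playbookResourceId=... playbookTenantId=...`. Two checks a practitioner should make before expecting the RunPlaybook action to fire: the Microsoft Sentinel service identity needs the Microsoft Sentinel Automation Contributor role on the resource group that holds the playbook, and the playbook must use the Microsoft Sentinel incident trigger, not the alert trigger. The `order` value is the evaluation order across all automation rules in the workspace, so a suppression rule that closes an incident should be ordered deliberately relative to rules that act on the same incidents.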
Contents

Learning objectives (55s)
Create and configure automation rules (12m 16s)
Create and configure Microsoft Sentinel playbooks (12m 24s)
Configure analytic rules to trigger automation (3m 22s)
Trigger playbooks manually from alerts and incidents (1m 28s)
Run playbooks on on-premises resources (7m 57s)