![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 86%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,851 questions
Hi Cloudsec, Yes, you can use Azure Logic Apps to automate the enrichment of Sentinel incidents. With Microsoft Sentinel playbooks, based on workflows built in Azure Logic Apps, can be used for your SOAR operations. Also you can connect directly to the Microsoft Defender Threat Intelligence feed.
A good example and tutorial connecting threat intelligence sources from playbooks is this one: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/enrich-azure-sentinel-security-incidents-with-the-riskiq/ba-p/1534412
In essence, a playbook is a specialized Logic App designed to respond to Azure Sentinel triggers.
Reference:
- https://learn.microsoft.com/en-us/Azure/sentinel/threat-intelligence-integration
- https://learn.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
- https://learn.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC%2Cincidents
- https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-automate-full-incident-lifecycle-with-incident-update/ba-p/3450306
I hope this information help you. Regards, Luis
If the information helped address your question, please Accept the answer.