Introduction


Microsoft Sentinel, in addition to being a Security Information and Event Management (SIEM) system, is also a platform for Security Orchestration, Automation, and Response (SOAR). One of its primary purposes is to automate any recurring and predictable enrichment, response, and remediation tasks that are the responsibility of your Security Operations Center and its personnel (SOC/SecOps).

You're a Security Operations Analyst working at a company that implemented Microsoft Sentinel. You've identified an analytical rule that generates incidents that are considered Benign Positive. You would like to automatically close these incidents after generation.

By the end of this module, you'll be able to use automation rules in Microsoft Sentinel to automate incident management.

After completing this module, you'll be able to:

  • Explain automation options in Microsoft Sentinel
  • Create automation rules in Microsoft Sentinel