Implement automation rules and playbooks in Microsoft Sentinel

Module
7 Units

Intermediate

Security Engineer

Microsoft Sentinel

Microsoft Defender XDR

Azure Logic Apps

Automate incident management in Microsoft Sentinel using automation rules and Logic Apps playbooks. Create automation rules to triage and route incidents, activate a prebuilt response playbook from Content Hub, and author a custom playbook. The process implements an automated notification and response workflow.

Learning objectives

After completing this module, you'll be able to:

Explain the difference between automation rules and playbooks in Microsoft Sentinel
Create automation rules to automate incident management tasks
Configure and activate a prebuilt playbook from the Microsoft Sentinel Content Hub
Author a custom Logic Apps playbook and connect it to an automation rule

Prerequisites

Experience setting up a Microsoft Sentinel workspace and connecting data sources
Familiarity with Microsoft Sentinel incidents and analytics rules
Basic understanding of Azure Logic Apps concepts

Introduction min
Understand Microsoft Sentinel automation options min
Create automation rules in Microsoft Sentinel min
Configure and activate a Content Hub playbook min
Author a custom playbook with Azure Logic Apps min
Knowledge check min
Summary min

Start