From the course: Implementing and Administering Microsoft Sentinel
Responding to threats using automation
- [Man] One way to respond to threats in Microsoft Sentinel is with automation playbooks. And in this session, I want to focus on where and how you discover the playbook samples or templates that are available to you from Microsoft and the community, as well as the authoring experience. So automation playbooks are based on Azure Logic Apps. And in fact, they are Azure Logic Apps with a specialized Sentinel-specific trigger. They run from Microsoft Sentinel as an automated alert response, if you wish, but really we can configure these playbooks to run manually or automatically as part of an analytics rule or an automation rule. We'll talk about automating response fully in other videos, but you can find samples in the automation playbook gallery, in the content hub, both of which are in the Sentinel portal, and then the Sentinel community repository on GitHub. And with Logic Apps, we have at our avail hundreds of connectors to Microsoft and third-party software services, network devices, you…