Chapter 11: Creating Playbooks and Logic Apps
In the previous chapters, you learned about the Security Information and Event Management (SIEM) side of Azure Sentinel. Now it is time to learn about the Security Orchestration, Automation, and Response (SOAR) capabilities.
Azure Sentinel's SOAR features allow for automated or semi-automated responses when an alert is created. This lets you develop workflows that perform tasks such as blocking an IP address at a firewall, blocking a suspicious username, or something as simple as sending an email to the security team letting them know a new high-severity alert was generated. When you combine the automation capabilities offered by Azure Sentinel with the protection ...