Chapter 7

Automating response

Security Orchestration, Automation and Response (SOAR) is defined as a solution stack of compatible software programs that allow an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance.

In Microsoft Sentinel, you can leverage automation rules and Playbooks—which are a direct integration with Logic Apps—to perform SOAR for Incidents that are created in your environment. Automation rules are a way to automate incident handling to perform simple tasks, such as assigning the incident to SOC personnel. Automation rules can also call Playbooks, which provide the ability to build flows that automate your investigations and respond to security ...
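As an added example (not from the book), here is a Bicep definition of one automation rule that does both things just described: when a high-severity incident is created it assigns the incident to a SOC analyst and then runs a playbook (a Logic App). The parameter values, the rule name and the severity condition are assumptions; the property layout follows the Microsoft.SecurityInsights/automationRules ARM resource type.

```bicep
// Added example, not from the book: a Sentinel automation rule that assigns new
// high-severity incidents to an analyst, then runs a playbook. Parameters are assumed.
param workspaceName string
param playbookResourceId string   // resource ID of the Logic App used as a playbook
param socAnalystObjectId string   // Entra ID object ID of the analyst to assign
param tenantId string             // tenant that owns the playbook
// The Sentinel-enabled Log Analytics workspace the rule is scoped to (already exists).
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}
// Automation rules are extension resources on the workspace.
resource assignAndRunPlaybook 'Microsoft.SecurityInsights/automationRules@2023-02-01' = {
  name: guid(workspace.id, 'assign-high-severity-and-run-playbook')
  scope: workspace
  properties: {
    displayName: 'Assign high-severity incidents and run playbook'
    order: 1   // lower numbers run first when several rules match an incident
    triggeringLogic: {
      isEnabled: true
      triggersOn: 'Incidents'
      triggersWhen: 'Created'
      conditions: [
        {
          conditionType: 'Property'
          conditionProperties: {
            propertyName: 'IncidentSeverity'
            operator: 'Equals'
            propertyValues: [ 'High' ]
          }
        }
      ]
    }
    actions: [
      {
        order: 1
        actionType: 'ModifyProperties'   // the "simple task": assign the incident
        actionConfiguration: {
          owner: { objectId: socAnalystObjectId, ownerType: 'User' }
          status: 'Active'
        }
      }
      {
        order: 2
        actionType: 'RunPlaybook'        // hand off to the Logic App for the investigation flow
        actionConfiguration: { logicAppResourceId: playbookResourceId, tenantId: tenantId }
      }
    ]
  }
}
```

The playbook's Logic App must already grant Sentinel permission to run it, otherwise the RunPlaybook action fails even though the rule deploys.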

Get Microsoft Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution, 2nd Edition now with the O’Reilly learning platform.
