5

Introducing Microsoft Sentinel Automation

In the previous chapter, we introduced a few SOAR tools and some of the main features we can utilize in our day-to-day operations. We showcased what incident management, investigation, automation, and reporting look like in real tools and offered some directions on how to utilize them.

This chapter focuses on Microsoft Sentinel automation and dives deep into each of its elements. We will discuss automation rules and playbooks, along with their elements and permissions, and prepare you for the hands-on examples covered in Chapters 6 to 8.

In this chapter, we will discuss the following:

  • The purpose of Microsoft Sentinel automation
  • All about automation rules
  • All about playbooks
  • Monitoring ...
