Announced on Wednesday, Automation Rules (and the new Automation blade) for Azure Sentinel have now been made available in the console. There’s two types of SOAR capability in Azure Sentinel now: Playbooks (which is what you’re already familiar with) and Automation Rules.
As I like to do here on this blog, I’ll circle back and talk about the deeper nuances of this feature in future blog posts, but for now, there’s some valuable resources to share so you can get a better understanding of the value of this new SOAR direction.
Our docs platform has been updated with the new Automation topic. There’s new concepts to understand, as well as, new technical features to get a grasp on. Have fun with these and keep watching, I’ll wrap together some deeper learning soon.
- Introduction to automation in Azure Sentinel | Microsoft Docs
- Automate incident handling in Azure Sentinel | Microsoft Docs
- Automate threat response with playbooks in Azure Sentinel | Microsoft Docs
- Tutorial: Use playbooks with automation rules in Azure Sentinel | Microsoft Docs
P.S. The Automation blade is methodically rolling out to all customers. If you don’t see it yet in your environment, it will be available soon. It should be completely rolled out within the next couple weeks.
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Azure Sentinel Newsletter]