Buried deep into each Incident is a location to determine which automations have been run against the Incident you are working with.
This is a good spot to help determine if automation is working. This area will show those that have been run both manually against the Incident and those that were run against the Incident as part of the Analytics Rule.
To get there:
- In the Incident Details, on the Alerts tab, click the View Playbooks link.
- Instead of hovering on the default Playbooks tab, click over to the Runs tab as shown in the image.
=========================
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Azure Sentinel Newsletter]