Azure Sentinel Gets Built-in Playbooks Templates and Expanded Menu Options

We have always provided a lot of awesome out-of-the-box collateral for customers to start using Azure Sentinel right after installation. Out-of-the-box there have been Analytics Rules, Data Connectors, Hunting Queries, Workbooks, etc, but there have never been any Playbook templates provided.

Today, if you venture inside the Automation section in the Azure Sentinel console, you’ll now see a Playbooks Templates tab.

Playbook Templates tab in Automation

The templates that exist here represent some of the most recommended and common automation scenarios. This gives customers the ability to start using Playbooks right away.

Creating the Playbook from the template is easy. The information screen shows all you need to know about the Playbook, including version. When you tap or click the Create Playbook button, a new in-console wizard for Playbook creation is started.

Creating a Playbook

Instead of the old method of Playbook deployment which started at our GitHub repository, the entire process is contained in the Azure Sentinel console.

Playbook deployment wizard

Automation, though, is still very much a decision that requires adequate planning. Choosing to automate the wrong thing at the wrong time could lock out your CEO when he needs to download a presentation for a critical meeting, for example.

With great automation comes great responsibility. 🙂

Additionally, the Create menu has changed slightly and now has the capability start a Playbook from scratch, or begin creating one with an Incident as the trigger or an Alert as the trigger. (thanks to the ever vigilant @Gary_Bushey for catching this one!)

New Playbook creation options

The Docs for this new feature are also available today:


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Azure Sentinel Newsletter]

[Subscribe to the Bi-Weekly Azure Security Center Newsletter]