Now, in public preview, the Microsoft Sentinel UI makes it easy to run an existing Playbook against an Incident.
Now available in the Actions menu to make this capability more accessible, you can quickly select from the list of Playbooks to provide additional enrichment to the Incident.
Details in the Docs: Run a Playbook Manually
Incidentally, this same function is available through right-clicking the Incident…
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Weekly Microsoft Defender Newsletter]
[Learn KQL with the Must Learn KQL series and book]