Now, in public preview, the Microsoft Sentinel UI makes it easy to run an existing Playbook against an Incident.
Now available in the Actions menu to make this capability more accessible, you can quickly select from the list of Playbooks to provide additional enrichment to the Incident.
Details in the Docs: Run a Playbook Manually
Incidentally, this same function is available through right-clicking the Incident…
=========================
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Weekly Microsoft Defender Newsletter]
[Learn KQL with the Must Learn KQL series and book]
You must log in to post a comment.