Microsoft Sentinel Automation Rules Get Advanced Conditions

A new feature in Preview has just rolled out to customers’ Microsoft Sentinel environments. It has been one of the more popular asks, and it is more evidence that the Microsoft teams work hard to deliver on customer requests.

If you’ve ever felt that you needed just a bit more capability for Automation Rules, there are now advanced conditions available.

Advanced Automation Rule Conditions

With the new capability, you can create multiple levels of both simple (at least two) and complex conditions to quickly automate responses to incoming Microsoft Sentinel incidents.

The Docs have been updated already to reflect the changes:

Add advanced conditions to Microsoft Sentinel automation rules | Microsoft Learn

Create and use Microsoft Sentinel automation rules to manage response | Microsoft Learn

