How to give Sentinel permissions to run playbooks

Tux-nader 1 Reputation point
2021-03-25T20:02:07.183+00:00

We are just starting to build out our Sentinel deployment. I've just created by first playbook which runs fine manually. I need to create an automation that will run the playbook. When I selected "run playbook" under actions in the automation there were no playbooks in the next drop down to select. As I understand it Sentinel needs permission to run playbooks which it does with the Azure Sentinel Automation Contributor role (??). I spoke with our admin and he said he did give the resource group permissions to the playbooks but when I check it lists the resource group but with "No permissions".

How do we give Sentinel the appropriate permissions that will allow automations to run playbooks? In all the documentation I've found it simply states that this is done with the Azure Sentinel Automation Contributor service role.

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
986 questions
0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Yash Mudaliar 191 Reputation points Microsoft Employee
    2021-04-19T17:08:41.393+00:00

    Hi @Tux-nader

    The automation rule will only detect those playbooks who has 'Azure sentinel incident' related triggers and not the 'Azure sentinel alerts' related ones.
    Try to create playbook with the the trigger 'When Azure Sentinel incident creation rule was triggered' and you will be able to see the playbook as an action in the automation rule.

    Please let me know if this works for you.

    Thanks,
    Yash

    3 people found this answer helpful.
  2. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2021-03-30T13:07:02.427+00:00

    @Tux-nader Thanks for reaching out and apologies for delay on this. In order to for Sentinel to run the Playbooks, Sentinel also needs permission on the resource group under which you have created the playbook. You can assign this permission from here :

    82802-image.png

    After clicking on Configure permission, it will list various Resource groups, you need to select the resource group where you have created the playbook.

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

    1 person found this answer helpful.
    0 comments
  3. Tux-nader 1 Reputation point
    2021-04-01T18:03:44.247+00:00

    Thank you for the response. I did work with our admin to add the Resource group where the playbooks are created but I still cannot assign any playbooks to automations. When I try and add a playbook to an automation the drop down doesn't even display any of the two playbooks we've created.

    0 comments
  4. Sadik Karadag 21 Reputation points
    2021-04-19T17:14:53.33+00:00

    Hi,

    I have the same issue. I was assigned the resource group owner role and I have security admin role on all resource groups plus the Sentinel Contributer role. However, despise all of these roles I cannot see the playbooks on automation tab. I89206-image.png

    above you can see the sentinel playbooks we have got. I can manage these playbooks. However, on the automation tab I see;

    89241-image.png

    Permission on allowed resource, which host all the sentinel playbooks.

    However, when I try to add an automation rule I get the following error

    89165-image.png

    no playbooks visible

  5. Gabriel Luiz 41 Reputation points MVP
    2022-04-18T13:44:41.507+00:00
    0 comments