Threat response with Microsoft Sentinel playbooks

Module
7 Units

Intermediate

Security Operations Analyst

Azure

Azure Log Analytics

Azure Logic Apps

Microsoft Sentinel

This module describes how to create Microsoft Sentinel playbooks to respond to security threats.

Learning objectives

In this module you will:

Explain Microsoft Sentinel SOAR capabilities.
Explore the Microsoft Sentinel Logic Apps connector.
Create a playbook to automate an incident response.
Run a playbook on demand in response to an incident.

Prerequisites

Automation and monitoring
Azure Monitor and its Log Analytics workspace
Azure Logic Apps

Introduction min
Exercise - Create a Microsoft Sentinel playbook min
What are Microsoft Sentinel playbooks? min
Trigger a playbook in real-time min
Run playbooks on demand min
Exercise - Create a Microsoft Sentinel playbook min
Summary min