articles/sentinel/automate-playbook-watchlist.md
Lines changed: 5 additions & 2 deletions
@@ -1,5 +1,5 @@
1
1
---
2
-
title: Use a Microsoft Sentinel watchlist and playbook to inform owners of alerts
2
+
title: Use a Microsoft Sentinel watchlist and playbook together to automate activity
3
3
description: Learn how to create a Microsoft Sentinel watchlist and playbook based on a Microsoft Defender for Cloud incident creation rule to inform resource owners of security alerts.
4
4
author: batamig
5
5
ms.author: bagol
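Review bot: The `description` line in this hunk is left unchanged and still scopes the article to informing resource owners of security alerts from a Microsoft Defender for Cloud incident creation rule, while the new `title` broadens it to "automate activity". Suggest updating `description` so it matches the new title. The new title also says "a Microsoft Sentinel watchlist and playbook together", whereas the H1 in the next hunk uses the plural "watchlists and playbooks together"; pick one form for both.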
@@ -9,8 +9,11 @@ ms.date: 09/20/2021
9
9
10
10
# Use Microsoft Sentinel watchlists and playbooks together to automate activity
11
11
12
-
This article describes two, common situations where using watchlists and playbooks together are helpful in automating activity in your systems: informing resource owners about alerts and responding to incidents with deny and allow lists.
12
+
This article describes two common situations where using watchlists and playbooks together are helpful in automating activity in your systems: informing resource owners about alerts and responding to incidents with allow lists.
13
13
14
+
> [!TIP]
15
+
> Use these sample playbooks as examples or templates for how you can create automation in your own system, modifying the values as needed.
16
+
>
14
17
## Automatically inform owners of alerts
15
18
16
19
[Microsoft Defender for Cloud alerts](/azure/defender-for-cloud/defender-for-cloud-introduction) inform the Security Operations Center (SOC) about possible security attacks on Azure resources.
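Review bot: The rewritten intro sentence still reads "using watchlists and playbooks together are helpful", a subject-verb mismatch; since the line is being changed anyway, make it "is helpful". The added TIP block ends with a bare `>` line directly above `## Automatically inform owners of alerts`; replace it with an empty line so the note is closed before the heading. The hunk header shows `ms.date: 09/20/2021` and that line is not among the changes, so consider bumping it along with this content edit.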