MEAPSA

Threat response with Microsoft Sentinel playbooks

This module describes how to create Microsoft Sentinel playbooks to respond to security threats.

Security Operations Analyst

Azure

Log Analytics

Logic Apps

Microsoft Sentinel

Module Objectives

In this module you will:

Explain Microsoft Sentinel SOAR capabilities.
Explore the Microsoft Sentinel Logic Apps connector.
Create a playbook to automate an incident response.
Run a playbook on demand in response to an incident.

Units

Introduction min
Exercise - Create a Microsoft Sentinel playbook min
What are Microsoft Sentinel playbooks? min
Trigger a playbook in real-time min
Run playbooks on demand min
Exercise - Create a Microsoft Sentinel playbook min
Summary min

Prerequisites

Automation and monitoring
Azure Monitor and its Log Analytics workspace
Azure Logic Apps