New enhanced alert monitoring and management experience
As part of Microsoft’s ongoing improvements to monitoring and managing alerts, the Cloud App Security Alerts page has been improved based on customer feedback. In the enhanced experience, the Resolved and Dismissed statuses are replaced by the Closed status with a resolution type. New global severity setting for …
An Azure Logic App can be used in Azure Sentinel as a Playbook to be automatically invoked when an incident is created. You can use the Playbooks health monitoring workbook to monitor the health of your Playbooks and look for anomalies in the number of succeeded or failed runs. At a glance, you can also view …
Azure Sentinel playbooks help to automate tasks, improve investigations, and allow quick responses to threats. This new feature enables selection of up to 10 playbooks to run when a new alert is created. For example, an analytics rule that indicates high-risk users assigned to suspicious IPs might trigger: An Enrichment playbook will query VirusTotal about the IP entities, …