Zhipeng Zhao acbaeb8f06 Update metadata 2022-11-17 13:28:51 -08:00


Run-Notebook-After-Incident-Creation

author: Zhipeng Zhao

This playbook triggers a Microsoft Sentinel notebook to process a newly created incident. It passes the incident ID, and the incident's entities if there are any, to the notebook.

Prerequisites

Before deploying the playbook you will need to:

  • set up the Sentinel notebook automation system with a Synapse workspace (more info coming),
  • upload the incident-related notebooks and create pipelines for them (more info coming),
  • gather the Synapse workspace name and Synapse pipeline name for the template deployment.

Quick Deployment

Learn more about playbook deployment


Post-Deployment

Learn more about automation rules

After deployment, attach this playbook to an automation rule so it runs when the incident is created.

Then, the Logic App's system-assigned managed identity must be added to the targeted Synapse workspace as a Synapse Administrator through Synapse Studio. Synapse Administrator is a broad role, so grant it only on the workspace that hosts the incident pipelines.