1.4 KiB
1.4 KiB
Comment-RemediationSteps
authors: Jordan Ross and Nicholas DiCola
This playbook will provide analysts with guidance to properly respond to an incident. This will add a comment to a Sentinel Incident with the remediation steps for alerts related to Microsoft Defender for Endpoint and Azure Security Center / Azure Defender. With these steps users will be able to respond to threats and prevent similar suspicious activity from occurring in the future.
NOTE: This playbook requires the enablement of at least one of the following data connections: Microsoft Defender for Endpoint or Azure Defender. This playbook uses a managed identity to access the API. You will need to add the playbook to the subscriptions or management group with Security Reader Role
