Category: Sentinel

  • Azure Sentinel: What is the difference between rules, runbooks and playbooks?

    Here’s an overview of runbooks, playbooks, and rules in Azure Sentinel: Runbooks: Runbooks are automated workflows that can be triggered by security incidents or other events in Azure Sentinel. They can perform a wide range of tasks, such as running scripts, sending notifications, or initiating remediation actions. Runbooks can be created using Azure Automation, Logic…

  • Getting started with Azure Sentinel: Where to start?

    Azure Sentinel is a cloud-native security information and event management (SIEM) solution that helps organizations detect and respond to threats across their entire enterprise. It provides a centralized view of security data across multiple sources, including on-premises and cloud environments, and uses artificial intelligence (AI) and machine learning (ML) to detect and investigate potential threats.…