Forum Discussion
Playbook Triggering
Hi everyone! I'm working with playbooks and we want to get a copy of every Incident created in Sentinel sent to a centralised location. I originally implemented this with every Alert that fired, ...
JKatzmandu This feature is still in private preview and, as far as I know, there is no official date for it to go to public preview. It is a bit confusing that the trigger shows up without being able to use it.
GaryBushey That's good to know. It is mentioned in documentation, but scantly. I'm back to running a query every 5 minutes against the "SecurityIncident" table to search for "New" incidents and then forwarding them via e-mail. I have a Condition that checks for the existence of the "IncidentUrl" string in the query results. If it's there, send the e-mail. If not, nada.
- Also doing the same but with one analytic per severity. Can't wait until this has a first class solution!
