Your organization uses Microsoft Sentinel and wants to automatically respond to high-severity incidents. Which feature should you configure?
Trap 1: Create a playbook and run it manually for each incident
Playbooks require manual triggering or integration with automation rules.
Trap 2: Set up an analytics rule with automatic response
Analytics rules generate alerts/incidents but do not include automatic response actions.
Trap 3: Use a workbook to trigger a playbook
Workbooks are for visualization, not for triggering automated responses.
- A
Configure an automation rule to run a playbook automatically
Automation rules can automatically run playbooks based on incident properties such as severity.
- B
Create a playbook and run it manually for each incident
Why wrong: Playbooks require manual triggering or integration with automation rules.
- C
Set up an analytics rule with automatic response
Why wrong: Analytics rules generate alerts/incidents but do not include automatic response actions.
- D
Use a workbook to trigger a playbook
Why wrong: Workbooks are for visualization, not for triggering automated responses.