GBushey

Debugging Playbooks

This article assumes knowledge of how to create Microsoft Sentinel Analytic Rules, Automation Rules, and playbooks. Create the playbook: you will want to create the playbook first, since it must exist before it can be used in the Automation Rule. In the example shown below, the playbook will iterate through all the […]


Querying Watchlists

Special thanks to @Ofer_Shezaf for showing me the new function call. Watchlists are a feature of Microsoft Sentinel that provide great flexibility and usability. They allow for user-defined tables that can be used in KQL queries to provide additional data. By uploading data using CSV files, users control the data that are in the watchlists
