Mastering Microsoft Sentinel Automation: Tips and Tricks
In the previous three chapters, we focused on hands-on examples that hopefully helped you understand how to utilize automation.
We started in Chapter 6 with examples of how to enrich incidents at incident creation for faster triage, and continued in Chapter 7 with examples of how to utilize automation to manage incidents. In the previous chapter, we focused on how to utilize automation to respond to incidents, using the two most common response automation techniques: blocking the user and isolating a device.
In this final chapter of the book, we will go through the following topics:
- Best practices for working with dynamic content and expressions
- Understanding the HTTP action and its usage
- Exploring more playbook actions
Let’s get into it!