6: Automation Flashcards

(16 cards)

1
Q

What is automation in Microsoft Sentinel?

A

It’s the use of workflows (called playbooks) to automatically respond to alerts or incidents without manual effort.

2
Q

What is a playbook?

A

A workflow built in Azure Logic Apps that performs automated actions in response to an alert, incident, or manual trigger.

3
Q

What kinds of actions can playbooks perform?

A

Enrich alerts with threat intel, send Teams or email notifications, create ServiceNow tickets, disable accounts, isolate machines, and more.

4
Q

How are playbooks triggered in Sentinel?

A

Automatically by alerts or incidents, or manually by an analyst.

5
Q

What tool powers playbooks in Sentinel?

A

Azure Logic Apps.

6
Q

What’s an example use case for a playbook?

A

When a high-severity alert fires, a playbook can post to Teams, check IP reputation, and create a ticket—all automatically.

7
Q

Why should customers care about automation in Sentinel?

A

It reduces analyst workload, speeds up response, ensures consistency, and minimizes the chance of human error.

8
Q

Can playbooks be customized?

A

Yes, they are fully customizable and can also be created from templates in the Content Hub.

9
Q

What skills are needed to build or modify a playbook?

A

No coding is required—playbooks are built with a drag-and-drop interface in Logic Apps.

10
Q

Can I apply multiple playbooks to a single incident?

A

Yes, you can chain or layer multiple playbooks based on different conditions.

11
Q

Can playbooks be triggered manually?

A

Yes, analysts can run playbooks manually from the incident view.

12
Q

Do I need to know how to code to build a playbook?

A

No—Logic Apps use a visual designer with drag-and-drop components.

13
Q

Can playbooks interact with third-party systems like ServiceNow?

A

Yes, using connectors, playbooks can integrate with many external systems.

14
Q

Where do I go to view or manage playbooks?

A

Microsoft Sentinel > Automation.

15
Q

Can I test a playbook before using it in production?

A

Yes, you can run them manually and view each step’s result during testing.

16
Q

Can I edit a playbook after it’s created?

A

Yes, playbooks are editable at any time in Logic Apps.