Do you want this automation to be activated when new incidents (or alerts, in preview) are created? Or any time an incident gets updated?
Automation rules are triggered when an incident is created or updated (the update trigger is now in Preview) or when an alert is created (also in Preview). Recall that incidents include alerts, and that both alerts and incidents are created by analytics rules, of which there are several types, as explained in Detect threats with built-in analytics rules in Microsoft Sentinel.
learn.microsof...
learn.microsof...
azurecloudai.b...
4 окт 2024