Introduction to Azure Sentinel playbooks
Azure Sentinel uses Azure Logic Apps for its workflow automation. In fact, an Azure Sentinel playbook is simply a logic app that uses the Azure Sentinel connector as its trigger. As we go through this chapter, many of the screens we will be looking at are logic app pages, which reinforces this point. Covering logic apps in full is beyond the scope of this book, so we will concentrate on the Azure Sentinel connector, which provides a logic app trigger and a set of actions.
Note
For this chapter, the terms playbook and logic app will be used interchangeably. For more information on Azure Logic Apps, go to https://azure.microsoft.com/en-us/services/logic-apps/.
Logic apps use connectors (not to be confused with Azure Sentinel data connectors) and actions to perform a workflow's activities. A logic app connector provides access to events and data. Actions will perform a specific task, such as sending an email, posting a message...