You're reading from Learn Azure Sentinel Integrate Azure security with artificial intelligence to build secure cloud systems

Product type Paperback

Published in Apr 2020

Publisher Packt

ISBN-13 9781838980924

Length 422 pages

Edition 1st Edition

Tools

Azure

Concepts

Artificial Intelligence

Authors (2):

Gary Bushey

Richard Diver

View More author details

Table of Contents (22) Chapters

Preface

1. Section 1: Design and Implementation

2. Chapter 1: Getting Started with Azure Sentinel FREE CHAPTER

3. Chapter 2: Azure Monitor – Log Analytics

4. Section 2: Data Connectors, Management, and Queries

5. Chapter 3: Managing and Collecting Data

6. Chapter 4: Integrating Threat Intelligence

7. Chapter 5: Using the Kusto Query Language (KQL)

8. Chapter 6: Azure Sentinel Logs and Writing Queries

9. Section 3: Security Threat Hunting

10. Chapter 7: Creating Analytic Rules

11. Chapter 8:Introducing Workbooks

12. Chapter 9:Incident Management

13. Chapter 10: Threat Hunting in Azure Sentinel

14. Section 4: Integration and Automation

15. Chapter 11: Creating Playbooks and Logic Apps

16. Chapter 12: ServiceNow Integration

17. Section 5: Operational Guidance

18. Chapter 13: Operational Tasks for Azure Sentinel

19. Chapter 14: Constant Learning and Community Contribution

20. Assessments

21. Other Books You May Enjoy

Leave a review - let other readers know what you think

Creating a playbook to trigger a ticket in ServiceNow

We have already covered what an Azure Sentinel playbook is, and how to create one, in Chapter 11, Creating Playbooks and Logic Apps. As a quick refresher, a playbook is a set of logical steps that are taken to perform an action. These are also referred to as workflows in other applications. Playbooks use Azure Logic Apps technology; the only difference is that a playbook must use the Azure Sentinel connector's trigger. After that, you are able to use any of the many actions that are provided by Azure Logic Apps.

We are going to take this one step further in this section and explain how to use a playbook to create a ServiceNow Security Incident Response (SIR) incident. If you do not already have the SIR module loaded in your ServiceNow environment, follow the instructions located at https://docs.servicenow.com/csh?topicname=t_ActivateSecurityIncidentResponse.html&version=kingstonsecurity.

Note

While this section...