1

I've created a Playbook in Security Center and can manually trigger the Playbook by going to a Security Alert and clicking "Run" on my Playbook.

Now I would like to automatically have this Playbook triggered whenever there is a new security alert.

Initially, I tought that these Playbooks were going to fire automatically, however, looking closely at the documentation, it does imply that it is a manual execution:

https://learn.microsoft.com/en-us/azure/security-center/security-center-playbooks

Security playbook is a collection of procedures that can be executed from Security Center once a certain playbook is triggered from selected alert.

Is there any built-in mechanism to automatically trigger the playbook or do I need to set up an Alert that queries SecurityAlert in OMS and then have an Action Group that specifies my Logic App as the Action Type?

Andy T
  • 10,223
  • 5
  • 53
  • 95

1 Answers1

0

As of now there is no in build capability for automatic trigger of Azure Security Center Playbook. The azure feedback related to this feature already exists. Please upvote this feedback so that feature team prioritize this functionality in their plans.

Azure Feedback - Does Security center playbook can be triggered automatically when any alert get fired?

Yes, for now create an alert in Azure Monitor and have it query OMS, then if the alert fires, have it notify an Action Group using a webhook.

Mohit_Garg
  • 892
  • 5
  • 8