Which two actions should you perform in Azure Sentinel?

You are configuring Azure Sentinel.

You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.

Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A . Add a playbook.
B . Associate a playbook to an incident.
C . Enable Entity behavior analytics.
D . Create a workbook.
E . Enable the Fusion rule.

Answer: A,B

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Author

Leave a Reply

Your email address will not be published.