
Your company is undergoing a digital transformation by migrating all on-premises workloads to Azure and Microsoft 365 platforms. To enhance security operations, you are tasked with designing a comprehensive security orchestration, automation, and response (SOAR) strategy utilizing Microsoft Sentinel. The strategy must adhere to these key requirements: it should minimize manual intervention from security operation analysts and must include support for triaging alerts within Microsoft Teams channels. What elements and considerations should you include in the SOAR strategy to meet these requirements?
A. KQL
B. playbooks
C. data connectors
D. workbooks
Explanation:
Playbooks in Microsoft Sentinel are based on workflows built in Azure Logic Apps, which help schedule, automate, and orchestrate tasks and workflows across systems throughout the enterprise. A playbook can help automate and orchestrate your threat response and can be run manually or automatically in response to specific alerts or incidents. This minimizes manual intervention by security operation analysts and can support triaging alerts within Microsoft Teams channels.