Microsoft Azure Security Engineer Associate AZ-500 Practice Question
In a Microsoft Sentinel workspace named SecOps, you deploy a Logic App playbook called SendToITSM that creates a ServiceNow ticket. You need the playbook to run automatically whenever Sentinel generates a new High-severity incident, regardless of which analytics rule produced the incident, and before analysts begin triage. What should you configure to meet the requirement?
Attach the SendToITSM playbook to the Automated response section of every existing analytics rule in the workspace.
Configure a scheduled query rule in Azure Monitor that sends a webhook call to the playbook through an action group.
Create an automation rule that triggers when an incident is created, adds a condition for High severity, and runs the SendToITSM playbook.
Set a default playbook for all incidents in the workspace from the Incidents settings page in Microsoft Sentinel.
A Microsoft Sentinel automation rule can act at the workspace level. Configure the rule with the trigger "Incident created," add a condition that the incident Severity equals High, and specify the action "Run playbook - SendToITSM." Once an incident that matches the condition is generated, Sentinel processes the automation rule (usually within a few minutes) and launches the playbook, ensuring a ServiceNow ticket is created for every new High-severity incident. Attaching the playbook to each analytics rule is labor-intensive and would not cover rules added later, Azure Monitor action groups cannot trigger Sentinel incidents, and Sentinel does not provide a workspace-wide default playbook setting on the Incidents page.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Logic App playbook in Microsoft Sentinel?
Open an interactive chat with Bash
How do automation rules work in Microsoft Sentinel?
Open an interactive chat with Bash
Why can't a default playbook be set for all incidents in Microsoft Sentinel?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .