With the Microsoft Sentinel Responder Role correctly assigned to the playbook, I'll proceed to execute it in response to an actual security incident.
Running Playbook in a Real Incident
- Navigate to Microsoft Sentinel for the "SEC-Monitoring" dashboard.
- Click on "Incidents" under Threat management in the left sidebar.
- Click on a random incident.
- Click on "Actions". Then, select "Run playbook (Preview)".
- Click on "Run".
- I have 2 because the first one wasn't working, so I redid parts 1 and 2 and created another, playbook-2.
- Click on "View full details".
- Click on "Activity log".
- ChatGPT commented on the right side in the Incident activity log.
- Noticed ChatGPT wasn't able to finish the third point.
- The solution to this problem will be shown in the next part.