Demonstrate How to Create Automation in SIEM with ChatGPT
In this project phase, I will investigate automating the playbook execution upon incident creation, also establishing a streamlined, fully automated workflow within Microsoft Sentinel.
Creating an Automation Rule
- Navigate to Microsoft Sentinel for the "SEC-Monitoring" workspace.
- Click on "Automation" under Configuration in the left sidebar.
- Click on "Create", then select "Automation rule".
- Fill in the information:
  - Automation rule name: "ChatGPT Incident Enrichment".
  - Conditions:
    - Incident provider: "Equals", "All".
    - Analytic rule name: "Contains", "All".
  - Actions:
    - "Run playbook".
    - "ChatGPT" playbook.
  - Order: "5".
- Click on "Apply".
- This creates an automation rule that runs the "ChatGPT" playbook automatically whenever a new incident is created.
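The same automation rule expressed as infrastructure-as-code, so it can be version-controlled and redeployed instead of being clicked together in the portal. This is an added example, not part of the original walkthrough; it assumes the `Microsoft.SecurityInsights/automationRules` resource type (API version `2023-02-01` is assumed to be available), that the "ChatGPT" playbook is an existing Logic App whose resource ID is passed in as `playbookResourceId`, and that the workspace name "SEC-Monitoring" from the walkthrough is the Log Analytics workspace name. The portal conditions "Incident provider Equals All" and "Analytic rule name Contains All" match every incident, which in the resource model is simply an empty `conditions` array.

```bicep
// Added example (not from the original page): deploys the "ChatGPT Incident Enrichment"
// automation rule against an existing Sentinel-enabled Log Analytics workspace.
// Deploy at resource-group scope, e.g.:
//   az deployment group create -g <rg> -f automation-rule.bicep \
//     -p workspaceName=SEC-Monitoring playbookResourceId=<logic-app-resource-id>

@description('Name of the Log Analytics workspace that Sentinel is enabled on (assumed: "SEC-Monitoring").')
param workspaceName string = 'SEC-Monitoring'

@description('Full resource ID of the existing "ChatGPT" Logic App playbook (assumed parameter).')
param playbookResourceId string

@description('Tenant that owns the playbook; defaults to the deploying tenant.')
param tenantId string = tenant().tenantId

// The workspace already exists; we only reference it to scope the rule.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

resource chatgptEnrichmentRule 'Microsoft.SecurityInsights/automationRules@2023-02-01' = {
  // Rule resource names must be unique per workspace; a deterministic GUID keeps redeploys idempotent.
  name: guid(workspace.id, 'ChatGPT Incident Enrichment')
  scope: workspace
  properties: {
    displayName: 'ChatGPT Incident Enrichment'
    // Order 5, as in the portal steps: lower numbers run first when several rules match.
    order: 5
    triggeringLogic: {
      isEnabled: true
      triggersOn: 'Incidents'
      triggersWhen: 'Created'
      // Empty conditions = "Incident provider: All" and "Analytic rule name: All" in the portal.
      conditions: []
    }
    actions: [
      {
        order: 1
        actionType: 'RunPlaybook'
        actionConfiguration: {
          logicAppResourceId: playbookResourceId
          tenantId: tenantId
        }
      }
    ]
  }
}

output automationRuleId string = chatgptEnrichmentRule.id
```

One check worth doing before relying on this rule: Sentinel can only run a playbook from an automation rule if the Microsoft Sentinel service identity (the "Azure Security Insights" enterprise application) holds the Microsoft Sentinel Automation Contributor role on the resource group that contains the playbook. If that role assignment is missing, the rule deploys fine but the "Run playbook" action fails at incident-creation time, which shows up in the incident's activity log rather than as a deployment error.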