Does Security center playbook can be triggered automatically when any alert get fired?
I have explored security center playbook , but found that we need to trigger it manually. It will be great if we can map certain alert with playbook and when that alert is fired our playbook will be triggered automatically.
ASC now allows setting automated workflows that trigger logic apps playbooks from specific alerts.
Gilad Elyashar, head of product, Azure Security Center
We can leverage ServiceNow Record actions like Create, Delete, Get, Update, etc.
Alex Cole commented
I don't understand why you don't have the option to make an automation job automatic.
This is really amazing. Great information about blog.
I agree this would make this feature much more powerful. It should trigger on any alert and allow us to decide what happens with it in the Playbook. You could abviously achieve a similar result using an Azure Monitor Alert that triggers on Activity Log "Activate" events (per subscription) and run a LogicApp from an Action group, but it would make more sense to have this integrated in ASC.