
AZ-500: Configuring Azure Sentinel for Incident Management and Ticket Logging

Learn how to configure Azure Sentinel to automatically create incidents when threats are identified and log tickets in your service management platform. Discover the right components to set up for effective threat management.


Question

You have an Azure subscription that contains an Azure Sentinel workspace.
Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.
You need to identify which Azure Sentinel components to configure to meet the following requirements:

  • When Azure Sentinel identifies a threat, an incident must be created.
  • A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.

Which component should you identify for each requirement?

To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

When Azure Sentinel identifies a threat, an incident must be created:

  • Analytics
  • Data connectors
  • Playbooks
  • Workbooks

A ticket must be logged in the service management platform when an incident is created in Azure Sentinel:

  • Analytics
  • Data connectors
  • Playbooks
  • Workbooks

Answer

When Azure Sentinel identifies a threat, an incident must be created: Analytics
A ticket must be logged in the service management platform when an incident is created in Azure Sentinel: Playbooks
