🔥 3-day streak
Microsoft Security Operations Analyst171 / 190
Question 171 of 190

Your SOC uses Microsoft Sentinel. You built a Logic Apps playbook that enriches incidents by querying an external threat intelligence API and adding the results as a comment. You want the playbook to run automatically whenever any new incident is created by a specific high-fidelity analytics rule, without requiring an analyst to trigger it manually. What should you configure, and what permission must be granted?

Reviewed for accuracy · Report an issueNext question