What should you do?

HOTSPOT

You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, named Playbook1.

Query! returns a subset of security events generated by Azure AD.

You plan to create an Azure Sentinel analytic rule based on Query that will trigger Playbook1.

You need to ensure that you can add Playbook1 to the new rule.

What should you do? To answer, select the appropriate options in the answer area.

NOTE Each correct selection is worth one point.

View Answer

Answer: