top of page

Search

Azure AI Foundry 2. Sentinel Incidents RAG

Michael He
Oct 10, 2025
1 min read

Create a storage account

Create a container name it "incidents"

Deploy a playbook: https://github.com/Pavel-Hrabec/AI-for-CyberSecurity#

I am using "AI-Training-Data"

At Resource Group level, assign "Storage Blob Data Contributor" role to this playbook via managed identity

Also assign Log Analytics role to the playbook via managed identity

Fix the API connections

Fix playbook blob connection:

Also need to update the endpoint for the blob storage (URL can be found under storage account > container)

Save the playbook

Now run this playbook against an incident and you can download the file in the container

i.e.

Let's go back to the AI Foundry > Playground > Chat > Add your data

Now go back to the AI Foundry playground and refresh AI search resource

Recent Posts

Azure AI Foundry 1. ChatGPT - Deployment

Azure AI Foundry 1. ChatGPT - Deployment

Azure Sentinel 7. Incidents Report + ChatGPT

Azure Sentinel 7. Incidents Report + ChatGPT

Azure Sentinel 6. Key Vault for ChatGPT

Azure Sentinel 6. Key Vault for ChatGPT

bottom of page