Azure Sentinel 7. Incidents Report + ChatGPT
- Michael He
- Oct 9
Updated: Oct 10

I am going to use Pavel Hrabec's playbook for this demo; his GitHub can be found here:
I am using this ARM template for this demo: ChatGPT-Generate-Report.json
Click Raw and copy everything, then go to Azure.
Search for Custom template:

Copy the .json file here:


Note: I googled an MS logo and used it for the company logo link.
Now we need to modify API connections:


Update with your own API key

NOTE: You will need to create a new connection for both "Run Query and Get Alerts" and "Run query and visualize results". Then go to the workspace and assign the "Microsoft Sentinel Contributor" role to this playbook's managed identity.
Then run the playbook against an incident and use an AI tool to parse the outputs,
i.e.



