Baby steps
Of the MDTI-Base Playbook you mention configuring the connections; what is this?
When you enable a Playbook you have to assign some of the logic steps an account to run as. See here: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/understanding-api-connections-for-your-microsoft-sentinel/ba-p/2593973
So Rod, you mean using a system assigned managed identity. Thank you for the link, as I do understand what you are stating now.
System assigned is a best practice. But yes, any type of identity connection that is used to make the logic step connection to the remote service.
Are there any MDTI playbooks available to add entities info to incidents as comments
Not currently, but should be easy to create one. Just use one of the existing Playbooks as a template.
Of the MDTI-Base Playbook you mention configuring the connections; what is this?
When you enable a Playbook you have to assign some of the logic steps an account to run as. See here: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/understanding-api-connections-for-your-microsoft-sentinel/ba-p/2593973
So Rod, you mean using a system assigned managed identity. Thank you for the link, as I do understand what you are stating now.
System assigned is a best practice. But yes, any type of identity connection that is used to make the logic step connection to the remote service.
Are there any MDTI playbooks available to add entities info to incidents as comments
Not currently, but should be easy to create one. Just use one of the existing Playbooks as a template.