Manual triggering is available from the Azure Sentinel portal in the following blades:
In Incidents view, choose a specific incident, open its Alerts tab, and choose an alert.
In Investigation, choose a specific alert.
Click on View playbooks for the chosen alert. You will get a list of all playbooks that start with "When an Azure Sentinel Alert is triggered" and that you have access to.
Click on Run on the line of a specific playbook to trigger it.
Select the Runs tab to view a list of all the times any playbook has been run on this alert. It might take a few seconds for any just-completed run to appear in this list.
Clicking on a specific run will open the full run log in Logic Apps.
Clearly says to go to Incidents first.
https://learn.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC%2Cincidents#run-a-playbook-manually-on-an-alert
I do not like this question and D is a good choice but when I read the specific doc about testing playbooks (which I had not seen anyone link yet):
https://learn.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks#run-a-playbook-manually
I see you can test the playbook three ways:
To run a playbook on a specific incident
To run a playbook on an alert
To run a playbook on an entity
Sorry I did not mean to hit submit yet, I will continue.
So I see three ways to test but then this sentence:
In any of these panels, you'll see two tabs: Playbooks and Runs.
So then, I think in this poorly worded question you actually do click on "playbooks" to test.
If I see this on the exam I am not sure which one I would choose, it could be a lot more clear than it is IMO.
Confirmed from SC-200 Microsoft Practice Assessment
https://learn.microsoft.com/en-us/credentials/certifications/exams/sc-200/practice/assessment?assessment-type=practice&assessmentId=59
You can test a playbook manually in Azure Sentinel from both A. Playbooks and B. Incidents.
A. Playbooks: You can run a playbook directly from the Playbooks blade in Azure Sentinel. This allows you to test the playbook independently of any incident or alert.
B. Incidents: You can also run a playbook from an incident in Azure Sentinel. This allows you to test the playbook in the context of a specific incident.
The answer is A. Playbooks.
Playbooks are logic apps that allow you to automate and orchestrate your threat response in Azure Sentinel. You can create playbooks from templates or from scratch, and assign them to alerts or incidents to run automatically when triggered by an automation rule. You can also run playbooks manually on-demand, on a particular entity or alert, to test their functionality or perform a specific action.
In the Playbooks tab, you'll see a list of all the playbooks that you have access to and that use the appropriate trigger - whether Microsoft Sentinel Incident, Microsoft Sentinel Alert, or Microsoft Sentinel Entity. Each playbook in the list has a Run button which you select to run the playbook immediately.
Agree:
In Microsoft Sentinel, you can manually test a playbook from the "Playbooks" blade. Here's how to do it:
1. Navigate to Microsoft Sentinel in the Azure portal.
2. Select the appropriate workspace.
3. In the left-hand menu, click on "Configuration" and then select "Playbooks."
4. Find the playbook you want to test and click on it to open its details.
5. At the top, you'll see an option to "Run playbook." Click this to start a manual test.
Because you need parameters (an array with entities), which are provided by the Sentinel trigger.
Please stop using ChatGPT for this matter, it is a very unreliable approach. ChatGPT is good for other things, like generating basic code for most common/popular scenarios and languages, doing conversions, parsing, etc.
A. Playbooks.
To test a playbook manually in Azure Sentinel, you can use the "Test" feature in the Playbooks section of the Azure Sentinel workspace.
To do this, navigate to the Azure Sentinel workspace in the Azure portal, click on "Playbooks" in the left-hand menu, and then select the playbook that you want to test. From there, click the "Test" button at the top of the page.