> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Blink Solutions In Microsoft Sentinel Content HUB

Blink’s integration with Microsoft Sentinel, available through the Sentinel Content Hub, enables triggering workflows directly from Sentinel incidents / alerts. This allows organizations to respond to threats faster, reduce manual effort, and streamline their security operations with Blink’s no-code automation platform.

## Use Microsoft Sentinel to Trigger Workflows in Blink

### Prerequisites

#### Create an Event-Based Workflow in Blink that is configured to trigger via webhook

1. In your Blink workspace, use the left-hand menu to navigate to **Workflows**, then click **New Workflow**.

2. In the dialog box that opens, enter a name for your new workflow and set the Trigger Type to **Event-based**. Click **Create Workflow**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/BlinkWebhook/workflow_create.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=1a2d91971bce2fb92bca853c32f85cf2" alt="WorkflowCreate" width="1077" height="1217" data-path="img/MicrosoftSentinel/Contenthub/BlinkWebhook/workflow_create.png" />

3. Click the **event-based** component in the new workflow.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/BlinkWebhook/trigger_config.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=ef5b3e3bee86f1d393869a1364bea4ce" alt="triggerConfig" width="2810" height="578" data-path="img/MicrosoftSentinel/Contenthub/BlinkWebhook/trigger_config.png" />

4. Search for Microsoft Sentinel trigger types and select **Microsoft Sentinel Webhook Event**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/BlinkWebhook/sentinel_webhook_choose.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=9ee74b0615888d404472a18c20462123" alt="ChooseSentinel" width="2798" height="1524" data-path="img/MicrosoftSentinel/Contenthub/BlinkWebhook/sentinel_webhook_choose.png" />

5. In the trigger setup dialog box, copy the **Webhook Full URL** address, and click **Apply**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/BlinkWebhook/copy_webhook_url.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=d986ea97be49e7c310c1c5c7893edb7a" alt="CopyURL" width="2806" height="1536" data-path="img/MicrosoftSentinel/Contenthub/BlinkWebhook/copy_webhook_url.png" />

6. Add steps to the new workflow to define the logic and actions that will run when the workflow is triggered.

7. Click **Publish & Activate** to start listening on events.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/BlinkWebhook/publish_and_activate.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=09fe3ff9f1397d310cae64a21ad9df7a" alt="Publish" width="2806" height="585" data-path="img/MicrosoftSentinel/Contenthub/BlinkWebhook/publish_and_activate.png" />

### Add the Playbook from Sentinel's Content Hub

1. In Microsoft Sentinel, use the left-hand menu to go to **Content management** > **Content hub**. Search for `Blink` in the search bar, select the displayed solution, and click **Install**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/ConfigPlaybook/search_blink_solution.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=fb07fb16d4a436cce177df16e64d772b" alt="searchBlink" width="3132" height="1498" data-path="img/MicrosoftSentinel/Contenthub/ConfigPlaybook/search_blink_solution.png" />

2. After the solution has been installed, click **Manage**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/ConfigPlaybook/manage_blink_solution.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=fd2768bee547e71eb63ad797fec836d9" alt="ManageBlink" width="3123" height="1501" data-path="img/MicrosoftSentinel/Contenthub/ConfigPlaybook/manage_blink_solution.png" />

3. Select the Playbook you want to add and click **Configuration**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/ConfigPlaybook/config_incident_playbook.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=ec20ca4a344a584a0bcbd7be41412a74" alt="configPlaybook" width="3135" height="1442" data-path="img/MicrosoftSentinel/Contenthub/ConfigPlaybook/config_incident_playbook.png" />

<Info>
  The following steps show how to create the Sentinel Incident Handler playbook. The same process applies to the Sentinel Alert Handler as well.
</Info>

4. Click **Create Playbook**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/ConfigPlaybook/create_playbook.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=7a6969a66cdaf9cb9509f8d20c2bb6da" alt="CreatePlaybook" width="3133" height="1502" data-path="img/MicrosoftSentinel/Contenthub/ConfigPlaybook/create_playbook.png" />

5. Insert **Subscription** and **Resource group**. Choose a **name** and click **Next: Connections**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/ConfigPlaybook/playbook_basics.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=37a2d6c8ebc22b267d6c31db81e94dd3" alt="BasicsPlaybook" width="3133" height="1502" data-path="img/MicrosoftSentinel/Contenthub/ConfigPlaybook/playbook_basics.png" />

6. Choose a Microsoft Sentinel connection. Click **Next: Review and create**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/ConfigPlaybook/playbook_connections.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=cec7225aa1bc9322921adec09fa2f0bd" alt="connectionsPlaybook" width="3133" height="1502" data-path="img/MicrosoftSentinel/Contenthub/ConfigPlaybook/playbook_connections.png" />

7. Click **Create playbook**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/ConfigPlaybook/review_create_playbook.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=64410d5cb5a7c77d1078dd41f816800a" alt="ReviewAndCreate" width="3133" height="1503" data-path="img/MicrosoftSentinel/Contenthub/ConfigPlaybook/review_create_playbook.png" />

8. In the playbook designer, click **Parameters**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/ConfigPlaybook/playbook_params.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=beacc210db44e78569c6880d80852439" alt="playbookParams" width="3138" height="1503" data-path="img/MicrosoftSentinel/Contenthub/ConfigPlaybook/playbook_params.png" />

9. Configure the **Blink-Webhook-Full-URL** parameter. Change the **Default value** to the **Webhook Full URL** you copied earlier from Blink.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/ConfigPlaybook/webhook_param.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=8833437ccc10242d089767d3366c94ee" alt="webhookParam" width="3139" height="1503" data-path="img/MicrosoftSentinel/Contenthub/ConfigPlaybook/webhook_param.png" />

10. Close the parameters configuration window and Click **Save**.

    <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/ConfigPlaybook/save_playbook.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=34e845a8134777845d7a88ac3020179e" alt="savePlaybook" width="3131" height="1532" data-path="img/MicrosoftSentinel/Contenthub/ConfigPlaybook/save_playbook.png" />

### Create an Automation Rule

<Check>
  Next, we will create an automation rule that will trigger the workflow whenever an incident is created. Keep in mind that you can also create rules for **new alerts**.
</Check>

1. In Microsoft Sentinel, use the left-hand menu to go to **Configuration** > **Automation**. Click **Create** > **Automation Rule**.

   <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/AutomationRule/automation_rule_create.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=f853952d89d6a00f82d3f968ec980151" alt="createRule" width="3128" height="1501" data-path="img/MicrosoftSentinel/Contenthub/AutomationRule/automation_rule_create.png" />

2. Configure the new rule:

   * Choose an informative rule name.
   * Choose the trigger type **When incident is created** (Other available options: `When incident is updated` / `When alert is created`).

<Info>
  If you're configuring an `Alert Rule`, make sure to check the specific `Analytics rule name` that will trigger the playbook under the `Conditions` section (or select all of them).

  <img src="https://mintcdn.com/blinkops-2/caiSoiGFqbvyz4s7/img/MicrosoftSentinel/Contenthub/AutomationRule/analytics_rule_condition.png?fit=max&auto=format&n=caiSoiGFqbvyz4s7&q=85&s=d0509f5584353c5953c7eba9121f5d56" alt="AnalyticsRuleCondition" width="832" height="278" data-path="img/MicrosoftSentinel/Contenthub/AutomationRule/analytics_rule_condition.png" />
</Info>

* Set **Actions** to `Run playbook`, and select the sentinel incident handler playbook.
* **Optional**: set rule expiration date.
* Click **Apply**.

<img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/Contenthub/AutomationRule/config_automation_rule.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=4c45ac9ca0eb9bfe2d466a0e5a89a1d0" alt="configRule" width="3128" height="1496" data-path="img/MicrosoftSentinel/Contenthub/AutomationRule/config_automation_rule.png" />

<Check>
  After completing all the steps, Microsoft Sentinel incidents will automatically trigger your workflow in Blink.
</Check>
