Microsoft Tech Community – Benjamin Kovacevic
Watchlists in Microsoft Sentinel allow you to correlate data from a data source you provide with the events in your Microsoft Sentinel environment. For example, you might create a watchlist with a list of high-value assets, terminated employees, or service accounts in your environment.
You can use watchlists in your search, detection rules, threat hunting, and response playbooks.
Recently, we have published new Microsoft Sentinel API endpoints focused on a watchlist. Together with these APIs, we also created new playbook actions that you can use in your day-to-day automation.
Link: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/new-watchlist-actions-available-for-watchlist-automation-using/ba-p/3297851