Forum Discussion
Cals_337
Jun 08, 2023 Copper Contributor
3rd Party Alert Ingestion into Sentinel as SIEM
Hi all, Newbie here! I am a SOC analyst for a small business and we are looking at SIEM/SOAR solutions. We already utilize MS Sentinel as SIEM, and CrowdStrike as EDR. We will be rolling out ot...
Clive_Watson
Jun 08, 2023 Bronze Contributor
Microsoft Sentinel has an Incidents blade; this is a consolidated view of any Alert (regardless of application). For some products, like Defender, you can click through from Sentinel to the Alert in question. However, for many other products the Alert may contain a URL the Analyst can follow to see the details (if you need more insight than the info in the Alert itself).
You can link to a full ITSM tool like ServiceNow or JIRA if you need extra capability.
https://learn.microsoft.com/en-us/azure/sentinel/incident-investigation