Forum Discussion
Larssen92
Jan 14, 2022 Brass Contributor
AAD Identity Protection queries
Hi, The "Create incidents based on all alerts generated in Azure Active Directory Identity Protection" rule is generating a lot of false-positive incidents in our environment. Is it possible to...
Larssen92
Jan 14, 2022 Brass Contributor
Thank you for answering.
I don't seem to find what I am searching for, though. I hoped to find a customizable query, in the style of the ones used for custom-made Scheduled Analytics rules.
Are you referring to the Policies in the AADIP? Or can you give more details about where I can go and adjust parameters?
Thank you in advance.
Clive_Watson
Jan 14, 2022 Bronze Contributor
Have you tried Automation Rules? https://docs.microsoft.com/en-us/azure/sentinel/false-positives This can help to filter certain things and then close them for you, etc.
Or you can also "Exclude specific alerts - Only create incidents from alerts that do not contain the following text in the alert name" from the Rule Wizard page.
Larssen92
Jan 14, 2022 Brass Contributor
Thanks, I will look into this!