bertschronja
Copper Contributor
May 31, 2021

Azure Defender Suppression Rules - How to deal with them in Sentinel?

Hello all,

I am currently dealing with Azure Defender (ASC) integration into Sentinel. We are suppressing alerts like "User agent detected" in Defender because we cannot really do much about them. As single incidents in Sentinel it is still the same (we still cannot do something about them), but maybe they help Sentinel to detect a multistage attack. How would Sentinel treat those alerts if they reach Sentinel and we close them automatically? Will it still use them for correlation?

Thanks & Regards

Ronja
