Azure Sentinel Side by Side with QRadar

Question

Hi,quick question:&nbsp;in the "Event Filter" on Qradar we add:vendorInformation/provider eq 'Azure Sentinel'to get Sentinel events but is it possible to include another azure instances such as Cloud App, Identity, etc?I mean, like:provider eq 'Azure Sentinel, MCAS, IPS'&nbsp;thank you

rod_trent · Answer

Jesto001&nbsp;A couple ways.
&nbsp;
As a query example...
&nbsp;
SecurityAlert| where ProductName == "Microsoft Cloud App Security"
&nbsp;
Using a filter in the UI (example in Incidents)...
&nbsp;

clive_watson · Answer

alsoSecurityAlert| where ProductName in ("Microsoft Cloud App Security","product A","product B")

Forum Discussion

Azure Sentinel Side by Side with QRadar

2 Replies

Resources