Forum Discussion

GaryBushey's avatar
GaryBushey
Bronze Contributor
Jan 12, 2025

Bug in stand-alone MS Sentinel MITRE tactics

I setup a new Analytic rule where I had selected multiple tactics/techniques combinations.  When I create an incident from that rule, only one of the tactics/techniques actually show up in the stand-alone MS Sentinel UI as well as in the SecurityIncident table.  It isn't even the first one I selected; it is the last one.  I did double check the Analytic rule and all the tactics/techniques are selected.

If I look at the incident using the MS Sentinel REST API, it does show that all the tactics/techniques are there as well as if I look in the M365 portal (I have my MS Sentinel instance linked).  Heck, even the Graph Query will show them all (after expanding the incident to show the alerts as well).

Has anyone noticed this recently? Is it a bug or another new "feature"?

No RepliesBe the first to reply

Resources