Forum Discussion
nhtkid
Jun 20, 2023 · Iron Contributor
Can Sentinel tell which network WAP my endpoint devices are connected to?
Hi, I am not familiar with Sentinel. Can it tell me which network Wireless Access Point that all the endpoint devices are connected to in real time? My context is a large enterprise environm...
Christian_Bartsch
Sep 17, 2023 · Brass Contributor
You could create a playbook that gets triggered when an alert that you are interested in pops up.
Within the playbook you can extract the IP address from the alert's entities and use it to perform a KQL query in the table that holds your AP logs and search for a connection event or something like that.
Then create an update incident action and tag that incident with the AP's name or something.
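The lookup step described in the reply above, as an added example that is not part of the original post: a KQL query that resolves an alert's IP address to the access point it was last associated with. The table shape, column names, event type values and all sample rows are assumptions constructed for illustration; map them to whatever schema your wireless controller logs use in the workspace.

```kusto
// Constructed sample rows standing in for the workspace table that holds AP logs.
// Table shape and column names are assumptions, not a real Sentinel schema.
let ApLogs = datatable(TimeGenerated:datetime, ClientIp:string, ClientMac:string, ApName:string, EventType:string)
[
    datetime(2023-09-17 08:01:00), "10.20.30.41", "aa:bb:cc:00:00:01", "AP-HQ-3F-East",  "associate",
    datetime(2023-09-17 08:40:00), "10.20.30.41", "aa:bb:cc:00:00:01", "AP-HQ-3F-East",  "disassociate",
    datetime(2023-09-17 09:12:00), "10.20.30.41", "aa:bb:cc:00:00:02", "AP-HQ-1F-Lobby", "associate",
    datetime(2023-09-17 09:15:00), "10.20.30.77", "aa:bb:cc:00:00:03", "AP-HQ-2F-West",  "associate"
];
// In the playbook these two values come from the alert's IP entity and the alert time.
let alertIp = "10.20.30.41";
let alertTime = datetime(2023-09-17 09:30:00);
// How far back a connection event is still considered relevant (assumed value).
let lookback = 12h;
ApLogs
| where ClientIp == alertIp
| where TimeGenerated between ((alertTime - lookback) .. alertTime)
// DHCP can hand the same IP to a different client over time, so only the
// most recent event at or before the alert is trusted.
| summarize arg_max(TimeGenerated, ClientMac, ApName, EventType) by ClientIp
// If the last event was a disconnect, the client was not on that AP when the alert fired.
| where EventType == "associate"
| project ClientIp, ClientMac, ApName, LastSeen = TimeGenerated
```

The playbook's update incident action can then use the returned `ApName` as the tag. An empty result means no current association was found in the lookback window, which the playbook should treat as "unknown" rather than tagging a stale AP.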