Yash_Mudaliar
Iron Contributor
May 17, 2021

Cannot get 'Entities' via a custom analytic rule.

Hello folks,

I am trying to write an analytic rule to get all the alerts from 'Microsoft 365 Security' center and generate incidents based on those alerts in Sentinel.

All that the rule is lacking is that I get the 'Entities' tab empty when an incident is made.

Can anybody help me out if possible with a KQL command to add/get the entities part?

Would really appreciate the help.
