Forum Discussion
akshay250692
Jul 26, 2023
Brass Contributor
Custom Entity Mapping
I have written the KQL below with help from the community, but I am not able to create a custom entity in Set Rule Logic. I need to map the FailedAttempt field, but there is no option in the entity field. let threshold=2; let a...
- Jul 27, 2023: If you need to have the entity usable in an Automation rule, just select one of the existing entities and assign your field to it. Just make sure to select one that the Automation rule could use.
akshay250692
Brass Contributor
We are creating a playbook to reduce incidents.
GBushey
Jul 27, 2023
Microsoft
I would say you would be better off modifying the KQL of your rule to reduce the number of events being found rather than trying to use Automation rules. Once an alert has been generated, the incident will be created as well, unless the rule has been set to not create incidents automatically.