Forum Discussion
Defender ATP into Sentinel and then SNOW
Hi all I am wanting to move Defender ATP (and other microsoft stack) alerts / incidents into Sentinel (which is easily achieved) and from here move them out into SNOW - what is the current thinking...
wootts If I am understanding what you are trying to do correctly, you cannot do it. Alerts coming from other Azure security platforms, like Defender ATP, cannot be combined into a single incident. That functionality is only for Scheduled rules.
GaryBushey thanks for the heads up....
