Forum Discussion
TS-noodlemctwoodle
Oct 13, 2020Brass Contributor
Grouping Azure Sentinel - Azure Active Directory Identity Protection alerts
Is there a way to group Azure Active Directory Identity Protection alerts such as "Unfamiliar sign-in properties" in Azure Sentinel? We are seeing hundreds of these alerts being raised on a dail...
GaryBushey
Oct 13, 2020Bronze Contributor
TS-noodlemctwoodle If you are referring to the Microsoft Security (Preview) rule to "Create incidents based on Azure Active Directory Identity Protection alerts" then the answer is no. The only thing you can change is what severity to include as well as to include or exclude specific alerts.
If you are referring to one you created yourself or another Scheduled rule than Rod_Trent's answer is correct.
TS-noodlemctwoodle
Oct 13, 2020Brass Contributor
GaryBushey- I was indeed referring to the Microsoft Security (Preview) rule.
Rod_Trentas GaryBushey says you can't edit the Microsoft Security (Preview) rules like you can with scheduled rules, so this wasn't possible, unfortunately.
I think I have overcome the problem now, I'm just testing it. 🙂