Investigation Graph through the Hunting Blade ?

Question

Hi all,&nbsp;Is there a way to use the investigation graph through the hunting queries ?&nbsp;I have created a hunting query to find when users are assigned Azure AD roles outside of PIM, with the associated entities (account, IpAddress). Can I investigate with the graph directly or do I have to create an analytic rule each time ?&nbsp;Kind regards,&nbsp;Emmanuel NGUYEN

garybushey · Answer

emmanuelnguyen&nbsp;You can save the results you care about as bookmarks and kick off the investigation from them.

clivewatson · Answer

emmanuelnguyen&nbsp;
&nbsp;
As part of the Hunt save as a bookmark, then go to the Bookmark tab, and there is an Investigate button.&nbsp;&nbsp;https://docs.microsoft.com/en-us/azure/sentinel/bookmarks

&nbsp;

emmanuelnguyen · Answer

Thank you so much !!

emmanuelnguyen · Answer

Thank you so much for the additional details !

Forum Discussion

Investigation Graph through the Hunting Blade ?

4 Replies