Forum Discussion
CurlX
May 28, 2020 | Copper Contributor
Is there a way to aggregate multiple alerts into one incident in Sentinel
Within Sentinel we see alerts from various different portals such as Defender Security Center. In the Defender Security Center we have one overview for alerts and one for incidents. One Defender inci...
Ofer_Shezaf
Oct 27, 2020 | Microsoft
luizao_lf: I think that the feature you are looking for is "event grouping" rather than "alert grouping". The former will split each result of the rule query into a different alert. See more in the documentation.
luizao_lf
Oct 28, 2020 | Copper Contributor