Forum Discussion
Manage Microsoft 365 Defender Alerts in Azure Sentinel
We're trying to find a way to manage the 'out of the box' alerts that come with Defender 365 about 95% of which are FP. Is there a way to build some sort of dashboard in Sentinel with alerts? I don't mean incidents, we aren't there yet, I just mean alerts?
Preferably, with enough information about the alert that the analyst can make a quick decision and move on...
Thanks!!
- Hey there. Check out the Active Alerts Workbook at https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workbooks/Azure%20Defender%20Active%20Alerts
That might be a good place to start as you can edit the workbook to see all the KQL involved and adjust to taste.- digitalohm - thank you!
