Forum Discussion
TAMMM
Feb 26, 2024Copper Contributor
Microsoft sentinel Incident entities mapping not showing some alert fields
Hello, I am working on the rule "Attempt to bypass conditional access rule in Azure AD" that only show Account entity. I modified the rule to add an IP entity named "IPAddresses" that content a s...
Clive_Watson
Feb 27, 2024Bronze Contributor
This is now called: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Entra%20ID/Analytic%20Rules/BypassCondAccessRule.yaml
You can see that the standard rule if deployed from the YAML will map IP Address without amending it.
You can see that the standard rule if deployed from the YAML will map IP Address without amending it.