Forum Discussion
sachu245
Dec 27, 2022 - Copper Contributor
Microsoft Threat Intelligence Analytics
We have a few domain names detected from this rule, and the domain names are mentioned in the Microsoft Threat Intelligence. But the device action for the domain names is Sinkhole. We are receiving multiple incidents for the same domain names, and this is not a customizable rule. How can the incident noise be reduced for this scenario? Rod Trent, have you got any solution for this?
- Rod_Trent
Microsoft
Have you considered building a Watchlist with the reported domains?
https://learn.microsoft.com/en-us/azure/sentinel/watchlists-queries
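As an added illustration of the watchlist approach (example code, not from the thread or from Microsoft's documentation): once the reported domains are in a Sentinel watchlist, a scheduled query can look up each observed hit against that watchlist and keep only the ones that are not already sinkholed, so a custom rule built on this query would not re-raise the known-sinkholed domains. The watchlist name `SinkholedDomains`, its `Domain` column, and the use of `CommonSecurityLog` with `DestinationHostName` and `DeviceAction` as the source of the "Sinkhole" action are assumptions about the environment; `_GetWatchlist` is the standard Sentinel function for reading a watchlist.

```kql
// Assumed watchlist: 'SinkholedDomains' with a search-key column 'Domain'
// holding the domains reported by the Microsoft Threat Intelligence rule.
let sinkholed =
    _GetWatchlist('SinkholedDomains')
    | project Domain = tolower(tostring(Domain));
// Assumed source: CEF/firewall events in CommonSecurityLog where the device
// reports the action it took on the destination host name.
CommonSecurityLog
| where TimeGenerated > ago(1h)
| where isnotempty(DestinationHostName)
| extend Domain = tolower(DestinationHostName)
// Join against the watchlist; rows with no match keep an empty IsSinkholed.
| join kind=leftouter (sinkholed | extend IsSinkholed = true) on Domain
| extend IsSinkholed = iff(isnull(IsSinkholed), false, IsSinkholed)
// Suppress what the device already sinkholed and what is on the watchlist;
// these are the repeat incidents the question describes.
| where not(IsSinkholed) and DeviceAction !~ "Sinkhole"
| summarize Hits = count(), FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated),
            SourceIPs = make_set(SourceIP, 20)
          by Domain, DeviceVendor, DeviceProduct
| order by Hits desc
```

The query is meant to be the body of a custom scheduled analytics rule (or a hunting query for triage) rather than a change to the built-in rule, which the thread notes cannot be customized. Keeping the watchlist as the single place where sinkholed domains are recorded means an analyst can add a newly sinkholed domain without editing the query.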