Forum Discussion

GaryBushey
Bronze Contributor
Jan 11, 2020
Solved

Multiple alerts generating an incident

I see in the Incidents page that there is a field that lists the number of alerts used to generate an incident. How does this work? How can you have multiple alerts generating a single incident? ...
ehloworldio
Jan 12, 2020

GaryBushey I think you might be asking about Advanced multistage attack detection in Azure Sentinel, or Fusion rules. https://docs.microsoft.com/en-us/azure/sentinel/fusion

Fusion rules combine two or more alerts from Azure AD Identity Protection and Microsoft Cloud App Security to create one incident. For example, in "Impossible travel to atypical locations leading to suspicious cloud app administrative activity", the rule correlates multiple alerts in an attempt to predict a multistage attack.
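One way to see which incidents in your workspace were built from more than one alert, and which alerts and products fed each of them. This is an added KQL example, not code from the thread or from Microsoft; it assumes the standard Sentinel Log Analytics tables SecurityIncident (where AlertIds is a dynamic array of alert ids) and SecurityAlert (keyed by SystemAlertId).

```kql
// Added example (not from the thread): list incidents that were created from
// two or more alerts, and show the contributing alert names and products.
// Assumes the Sentinel tables SecurityIncident and SecurityAlert with their
// standard columns; AlertIds on SecurityIncident is a dynamic array of ids.
SecurityIncident
| summarize arg_max(TimeGenerated, *) by IncidentNumber   // latest state of each incident
| where array_length(AlertIds) >= 2                       // multi-alert incidents only
| mv-expand AlertId = AlertIds to typeof(string)          // one row per contributing alert
| join kind=inner (
    SecurityAlert
    | summarize arg_max(TimeGenerated, *) by SystemAlertId // latest version of each alert
    | project SystemAlertId, AlertName, ProductName, ProviderName
  ) on $left.AlertId == $right.SystemAlertId
| summarize AlertCount = dcount(AlertId),
            Alerts     = make_set(AlertName),
            Products   = make_set(ProductName)
          by IncidentNumber, Title, Severity, Status
| order by AlertCount desc
```

Incidents produced by a Fusion rule will show alerts from more than one product (for example Azure AD Identity Protection and Microsoft Cloud App Security) grouped under a single IncidentNumber.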