Forum Discussion
leo_szalk
Jun 14, 2021 · Copper Contributor
Azure Sentinel MSP - Non-Scheduled Alert Queries
What is the best approach to take to pull alerts/incidents from non-scheduled rule queries (such as Azure AD Identity Protection) into the MSSP Tenant? Should it be done by using cross-workspace q...
leo_szalk
Jun 15, 2021 · Copper Contributor
Right, right. Sorry, should have clarified a bit more.
Was mainly looking for a way to centralize all of the alerts in a single console for our SOC, without them having to jump back and forth between the consoles to see the non-scheduled rules. But as I was thinking about it, I totally forgot about the Cross Workspace incidents page.
Appreciate the input 🙂
Cheers
Javier-Soriano
Microsoft
Jun 15, 2021
No problem. Also, if you at some point have to go over the 10 workspaces limit that we support in the cross-ws incident view, you can always use this workbook as the central management pane: https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/SentinelCentral.json