Forum Discussion
Jili
Jan 20, 2025 - Copper Contributor
Custom critical filter for EDR/XDR
Hello everyone, I would like to ask if somebody is trying to make a unique "critical" filter for alerts/incidents that need to be handled as fast as possible. We have many high alerts and we are ...
Clive_Watson
Jan 24, 2025 - Bronze Contributor
You could do this in your ITSM tool, if you have one and you pass your alerts to that tool. Or you can create a custom alert that looks at the alerts to give you a filtered list. Or just run some KQL in Advanced Hunting to find the titles or keywords you are especially interested in, maybe something based on:
// Keywords to look for in the alert title; extend this list as needed
let keyWords = datatable (word:string)
[
'risk',
'suspicious'
];
AlertInfo
| where Severity == "High"
// has_any matches any of the listed words as a whole term in the Title
| where Title has_any (keyWords)
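Building on the keyword idea above, here is an added example (not code from the original post) of a KQL query that turns the filtered list into a ranked "critical" triage view. It scores High alerts from the last 7 days by whether the title hits a keyword and by whether the alert's evidence touches a host on a watchlist. The table and column names (AlertInfo, AlertEvidence, AlertId, Title, Severity, Category, ServiceSource, EntityType, DeviceName) are from the Defender XDR Advanced Hunting schema; the keyword list and the host names in criticalHosts are constructed placeholders to replace with your own.

```kql
// Keywords that make a High alert worth looking at first (constructed list)
let keyWords = dynamic(['ransomware', 'credential', 'lateral movement', 'suspicious']);
// Crown-jewel hosts; constructed placeholder watchlist, replace with your own
let criticalHosts = datatable(DeviceName:string)
[
    'dc01.contoso.local',
    'fs01.contoso.local'
];
// Alert IDs whose evidence includes a device from the watchlist
let alertsOnCriticalHosts =
    AlertEvidence
    | where Timestamp > ago(7d)
    | where EntityType == "Machine"
    | where DeviceName in~ (criticalHosts)
    | distinct AlertId, DeviceName;
AlertInfo
| where Timestamp > ago(7d)
| where Severity == "High"
// Does the title contain any of the keywords?
| extend KeywordMatch = Title has_any (keyWords)
// Left join so alerts without a watchlist host are kept with an empty DeviceName
| join kind=leftouter alertsOnCriticalHosts on AlertId
| extend OnCriticalHost = isnotempty(DeviceName)
// Simple additive score: keyword hit = 1, critical host = 2 (tune to taste)
| extend Score = iff(KeywordMatch, 1, 0) + iff(OnCriticalHost, 2, 0)
| where Score > 0
// Collapse one row per alert, keeping the latest title/category/source and all matched hosts
| summarize arg_max(Timestamp, Title, Severity, Category, ServiceSource),
            Score = max(Score),
            Hosts = make_set(DeviceName) by AlertId
| order by Score desc, Timestamp desc
```

Run it in Advanced Hunting as-is to get a sorted list; the Score column is what makes the list actionable, because a keyword hit on a domain controller ranks above the same keyword on an arbitrary workstation. The watchlist is an inline datatable here so the query is self-contained; in practice you would keep it in a shared function or an externaldata source so it can be updated without editing every query.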