Forum Discussion
jmn05
Apr 15, 2024 · Copper Contributor
New Sentinel Integration Causing a Single Large Incident
I migrated Sentinel to the new Defender XDR connector, giving it access to the SecurityAlerts and SecurityIncident tables. Defender's entity matching is now creating one large incident of pretty much ...
askvpb
May 07, 2024 · Brass Contributor
Past Sentinel rule suppressions won't carry forward to the new Defender XDR portal. You need to configure the alerts again (please correct me if this is incorrect). I have played with the feature a little bit.
Check out the article https://learn.microsoft.com/en-us/defender-xdr/investigate-alerts?view=o365-worldwide#public-preview-tune-an-alert