AshleyMartin (Microsoft)
Sep 01, 2021

New Blog Post | "How to reduce incident triage and investigation times using dynamic alert details"

Alert enrichment: "How to reduce incident triage and investigation times using dynamic alert details" - Microsoft Tech Community

Generally, the purpose of "alert enrichment" is to allow customization of the alert created from the detection.

The main goal is to reduce the time it takes the analyst to triage and handle the incident. The same applies to "Alert details" dynamic content.
In Azure Sentinel, when you create a detection (an analytics rule), the rule name (and the description, MITRE tactics and severity) will populate the alerts created from that rule.
Now let's examine the following case study to see how we can leverage the "Alert details" dynamic content for better investigation and incident handling.
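As an added illustration (not from the blog post or the Microsoft Tech Community page), the fragment below shows what the "Alert details" dynamic content looks like when an Azure Sentinel scheduled analytics rule is deployed as an ARM resource. The rule name, workspace parameter, API version and the constructed SigninLogs query are assumptions for this example; the `alertDetailsOverride` block is where the static `displayName`, `description`, `severity` and `tactics` are replaced per alert with values taken from columns of the query result, referenced with `{{ColumnName}}` placeholders.

```json
{
  "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
  "apiVersion": "2021-10-01-preview",
  "name": "[concat(parameters('workspace'), '/Microsoft.SecurityInsights/failed-signins-dynamic-details')]",
  "kind": "Scheduled",
  "properties": {
    "displayName": "Repeated failed sign-ins from a single IP (static fallback name)",
    "description": "Static description; overridden per alert by alertDescriptionFormat below.",
    "severity": "Medium",
    "tactics": ["CredentialAccess"],
    "enabled": true,
    "query": "SigninLogs | where ResultType != \"0\" | summarize Failures = count() by UserPrincipalName, IPAddress | where Failures >= 10 | extend Sev = iff(Failures >= 50, \"High\", \"Medium\") | extend Tactic = \"CredentialAccess\"",
    "queryFrequency": "PT1H",
    "queryPeriod": "PT1H",
    "triggerOperator": "GreaterThan",
    "triggerThreshold": 0,
    "eventGroupingSettings": {
      "aggregationKind": "AlertPerResult"
    },
    "alertDetailsOverride": {
      "alertDisplayNameFormat": "{{Failures}} failed sign-ins for {{UserPrincipalName}} from {{IPAddress}}",
      "alertDescriptionFormat": "Account {{UserPrincipalName}} had {{Failures}} failed sign-ins from {{IPAddress}} in the last hour.",
      "alertSeverityColumnName": "Sev",
      "alertTacticsColumnName": "Tactic"
    },
    "entityMappings": [
      {
        "entityType": "Account",
        "fieldMappings": [
          { "identifier": "FullName", "columnName": "UserPrincipalName" }
        ]
      },
      {
        "entityType": "IP",
        "fieldMappings": [
          { "identifier": "Address", "columnName": "IPAddress" }
        ]
      }
    ]
  }
}
```

Two points to check before relying on this: every placeholder and column name in `alertDetailsOverride` must exist in the query output with exactly that spelling (here `Sev` and `Tactic` are produced with `extend`), and the severity column must contain one of Sentinel's severity names. `AlertPerResult` event grouping is used so that each result row becomes its own alert and the placeholders are filled from that row; with the default single-alert grouping only one set of values is available for the whole alert.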
