May 16 2021 11:05 PM
Hello folks,
I am trying to write an analytic rule to get all the alerts from 'Microsoft 365 Security' center and generate incidents based on those alerts in Sentinel.
All that the rule is lacking is that I get the 'Entities' tab empty when an incident is made.
Can anybody help me out if possible with a KQL command to add/get the entities part?
Would really appreciate the help.
May 17 2021 12:27 AM
May 17 2021 06:14 AM
@CliveWatson Thanks for the reply, but this does not work. It throws the error:
The name 'entityMappings' does not refer to any known column, table, variable or function.
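That error is expected: `entityMappings` is a property of the analytics rule definition (the "Entity mapping" step of the rule wizard, or the rule's ARM/API JSON), not a column or function KQL can reference, so the query's only job is to expose the columns the mapping will point at. The query below is an added example, not code from any poster in this thread; `SampleAlerts` is a constructed stand-in for the `SecurityAlert` table so it runs as-is, and the `ProviderName` filter list is an assumption to check against your own connector.

```kql
// Constructed sample standing in for SecurityAlert; the JSON is a typical Entities payload
let SampleAlerts = datatable(TimeGenerated:datetime, SystemAlertId:string, ProviderName:string, AlertName:string, AlertSeverity:string, Description:string, Entities:string)
[
    datetime(2021-05-16 20:00:00), "constructed-alert-0001", "MDATP", "Suspicious PowerShell command line", "Medium", "constructed sample alert",
    '[{"$id":"2","Type":"account","Name":"jdoe","NTDomain":"CONTOSO"},{"$id":"3","Type":"host","HostName":"WS-042","DnsDomain":"contoso.local"},{"$id":"4","Type":"ip","Address":"10.0.0.42"}]'
];
SampleAlerts                                   // in the real rule: SecurityAlert
// Keep only alerts forwarded from Microsoft 365 Defender products (assumed list;
// adjust to the ProviderName values your connector actually writes)
| where ProviderName in ("MDATP", "OATP", "MCAS", "AATP")
// Entities is a JSON array stored as a string: unpack it to one row per entity
| mv-expand Entity = todynamic(Entities)
| extend EntityType = tostring(Entity.Type)
// Collapse back to one row per alert, pulling each entity type into its own column
| summarize
    AccountName   = take_anyif(tostring(Entity.Name),      EntityType == "account"),
    AccountDomain = take_anyif(tostring(Entity.NTDomain),  EntityType == "account"),
    HostName      = take_anyif(tostring(Entity.HostName),  EntityType == "host"),
    HostDnsDomain = take_anyif(tostring(Entity.DnsDomain), EntityType == "host"),
    IPAddress     = take_anyif(tostring(Entity.Address),   EntityType == "ip"),
    arg_max(TimeGenerated, AlertName, AlertSeverity, Description, ProviderName)
  by SystemAlertId
// The mapping itself is rule configuration, not KQL. In the rule's "Entity mapping"
// step (or the entityMappings property of the rule's ARM/API definition) map:
//   Account -> Name: AccountName, NTDomain: AccountDomain
//   Host    -> HostName: HostName, DnsDomain: HostDnsDomain
//   IP      -> Address: IPAddress
```

Once those columns exist in the query output, the mapped entities populate the incident's Entities tab; the mapping is saved with the rule, so the query never mentions `entityMappings` at all.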
May 17 2021 07:29 AM
May 17 2021 10:16 AM