Connectors and incidents

Hello guys,
If we use built-in connectors for Azure Sentinel, would the alerts and incidents get generated automatically, or do we need to create manual rules for generating them in KQL?

1 Reply
There are quite a lot of templates ready to use with the built-in connectors: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-built-in
They need to be turned on manually though :)