Does a port enumeration attack make Sentinel create an incident?

I am testing Azure Sentinel. I have a data connector, Windows Firewall. The Windows Firewall agent is on a Windows machine. I scanned the Windows machine with nmap. I get logs from the firewall and they show in Sentinel. But no incident. I think it is not enough to be an incident. What can I do to get one incident? How can I make an attack to get one?

2 Replies
Hi KoKyi, if you think you need to treat a particular event as a case, you can create an alert for it by going to Configuration -> Analytics. There are lots of alert rule templates to pick from.

Hi akhilnx, I see now. Thanks for your help.
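
A scheduled analytics rule of the kind the reply points to could run a query like the one below. This is an added example, not part of the original thread. It assumes the Windows Firewall connector writes to the `WindowsFirewall` table with the columns used here, and the lookback, bucket size and port threshold are assumed values to tune.

```kusto
// Added example: flag a source that touches many distinct ports on one host
// in a short window, the pattern a port scan leaves in firewall logs.
// Assumed values: lookback, bucket size and threshold; tune for your network.
let lookback = 1h;
let bucket = 5m;
let portThreshold = 50;
WindowsFirewall
| where TimeGenerated > ago(lookback)
| where CommunicationDirection =~ "RECEIVE"      // inbound traffic only
| summarize
    DistinctPorts = dcount(DestinationPort),     // approximate distinct count
    Attempts      = count(),
    SamplePorts   = make_set(DestinationPort, 25),
    Actions       = make_set(FirewallAction),
    FirstSeen     = min(TimeGenerated),
    LastSeen      = max(TimeGenerated)
    by Computer, SourceIP, DestinationIP, bin(TimeGenerated, bucket)
| where DistinctPorts >= portThreshold
| project FirstSeen, LastSeen, Computer, SourceIP, DestinationIP,
          DistinctPorts, Attempts, Actions, SamplePorts
| order by DistinctPorts desc
```

With incident creation left enabled in the rule's incident settings, the alerts this query raises are turned into incidents; mapping `SourceIP` and `Computer` to the IP and Host entities makes them easier to triage.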