May 06 2020 09:03 AM
Hi all,
Is there a way to use the investigation graph through the hunting queries?
I have created a hunting query to find when users are assigned Azure AD roles outside of PIM, with the associated entities (account, IpAddress). Can I investigate with the graph directly or do I have to create an analytic rule each time?
Kind regards,
Emmanuel NGUYEN
May 06 2020 11:38 AM
@emmanuelnguyen You can save the results you care about as bookmarks and kick off the investigation from them.
May 06 2020 11:41 AM
As part of the Hunt, save as a bookmark, then go to the Bookmark tab, and there is an Investigate button. https://docs.microsoft.com/en-us/azure/sentinel/bookmarks
May 07 2020 04:44 AM