Jan 16 2022 12:34 PM
Hi there,
Is there a way to query the Incidents and alerts in the security.microsoft.com portal?
I've been exporting the alerts, which works, but using KQL would be preferred.
I don't see a good way to export Incidents or to run KQL against it.
Is the only way to pull it over to Sentinel and do it from the Log Analytics workspace?
Same for MCAS portal (Defender for Cloud Apps).
Thank you.
Jun 01 2022 06:26 AM
Solution Jun 01 2022 07:38 AM