Jan 14 2022 06:21 AM
Hi,
The "Create incidents based on all alerts generated in Azure Active Directory Identity Protection" rule is generating a lot of false-positive incidents in our environment.
Is it possible to find and edit the queries used to trigger these alerts, to get rid of the false-positive alerts? Or is it not possible to modify the query triggering the alerts generated by AAD Identity Protection?