cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Entra Tech Accelerator
Jun 27 2023, 08:00 AM - 12:00 PM (PDT)
Microsoft Tech Community
Find out more

Alert Handing

capsec_1101
Senior Member

‎Nov 06 2019 04:02 AM

‎Nov 06 2019 04:02 AM

Alert Handing

since we have connected Azure Security Center, Office Security Center and Cloud app Security , we now have to close alerts in multiple places. How are you handing this?

485 Views
0 Likes
1 Reply
Reply
1 Reply
Pranesh1060

‎Nov 07 2019 01:00 AM

‎Nov 07 2019 01:00 AM

Re: Alert Handing

@capsec_1101 

 

Following..

Experts,

 

Use Case in MCAS: An alert is triggered based on the policy  which needs user intervention to confirm the same. There is a flow that triggers an alert to the user, and user responds to it accordingly and SNOW ticket is generated and based on user response the alert is dismissed/ resolved in MCAS.

 

https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Automating-Security-workflows-wi...

 

How do we achieve the same in Sentinel? Would it be possible to create the same flow on Sentinel instead of MCAS using Logic Apps which would take up the compromised entity and trigger a mail for user response(Cloud App Security connector seems to be missing or did I not search it thoroughly)?

 

Thanks

 

 

 

 

0 Likes
Reply