Jun 21 2021 05:17 AM
Hi guys,
Just configured the "Microsoft 365 Defender (Preview)" connector within Sentinel which automatically receives alerts from Defender for Endpoint and MCAS. Is there any way to auto suppress alerts with automation rules? I receive an alert which I do not need in Sentinel (but customer wants the alert), but I cannot see an option for automation rules since it does not have an analytic rule.
Closing it with a Playbook or something like that would work, but I am curious if people use different solutions.
Cheers!
Jun 21 2021 05:46 AM
Jun 21 2021 05:48 AM
Jun 21 2021 06:06 AM
Solution
Jun 21 2021 07:14 AM
@Thijs Lecomte Thanks Thijs! I totally missed the fact that you could use it without a specific rule.