Default values for Sentinel incident selectors

Copper Contributor

Within the incidents view there is the option to select different values within the Severity, Status, Product Name and Owner fields for displaying incidents. 

 

Is it possible to define the default view of the incidents page so that for example only new incidents that are a High or Medium severity are shown? Currently upon each login this needs setting on each occasion.

 

Thanks!

3 Replies

@ts1120 As of right now, no.   It has been requested that this feature be added to MS Sentinel although there is no indication that I know of, that MS has started to work (or will work) on it.

@Gary Bushey Thanks for the response Gary, hopefully this feature is deployed. It seems like a bit of an obvious feature to have within a SIEM to me.

I love to find two, three, four-year-old threads about some basic feature that every other system has, and that Microsoft is still "maybe thinking about it".

It really makes me wonder if they use their own products.