Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community


Occasional Reader

Hi, I use the Microsoft 365 Defender data connector to forward security incidents to Sentinel. 
The incident contains a lot of entities like host/username and process information. 
I need the local ip address from the host (type IP)  - how can I add this entity every time I get an incident?




0 Replies