Jan 02 2023 08:43 AM
Folks,
Does anyone know if it’s possible to do the following:
We have an analytic rule powered by a very simple query (2-line query)
The results would produce results like these (If you were to run the query manually), (I have not pasted the actual data that corresponds to the rows of course)
is it possible to extract the data from the results above from within the actual sentinel incident connector?
I have tried a few of these below, but no luck.
NOTE: I know that I may be able to perhaps get the results using the "Azure monitor logs" connector, but I don't want to do that, I want to know if that data exists within the "sentinel incident" connector itself.
Jan 03 2023 01:17 AM
Jan 03 2023 08:06 AM - edited Jan 04 2023 12:07 PM
@Clive_Watson thanks for the reply. Yes I figured that if something as straightforward as this didn't get an answer very quickly, there was no way to do it just with the "Microsoft Sentinel Incident" connector.