Forum Discussion
How to search for multiple incidents in Sentinel incident search?
Is there any option to search multiple incident numbers at a time, so that I can close it in one go? Now I'm tagging each incidents individually.
Do you mean in the Sentinel User Interface? When you search in the UI, for a term, lets say "active", this will show the Incidents with that word. You can then checkbox these and press the ACTIONS button to change Severity, Tags or Status for all selected Incidents
- Yes in Sentinel user interface. I was looking for giving multiple search keywords at a time as search parameter. For example,if I need to get all incidents which have the entities "user1" and "user2" at one go.
Primat
I don't think that is possible, maybe reply to this thread: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-incident-advanced-search-is-now-public/ba-p/2627590 or raise a FR Microsoft Sentinel ยท Community (azure.com)
