cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I am trying to create a watchlist that displays specific alerts from different business units

caitlin2250
Copper Contributor

‎Jun 26 2021 03:21 PM

‎Jun 26 2021 03:21 PM

I am trying to create a watchlist that displays specific alerts from different business units

here is the query below.  I would like to be able to determine which specific business unit server an alert was generated into Azure sentinel but I am unable to create a tag that includes a watchlist that provides the expected result.  Please help 

 

Heartbeat

| lookup kind=leftouter _GetWatchlist('MBSFQDN_01')

 on $left.Computer == $right.SearchKey

| project UNIT, Computer

4,331 Views
0 Likes
20 Replies
Reply
20 Replies
caitlin2250

‎Jul 06 2021 08:09 AM

‎Jul 06 2021 08:09 AM

Re: I am trying to create a watchlist that displays specific alerts from different business units

Thank you very much for the prompt response Louis. Can you please explain what each line of code does because if I present it to our SOC team they would ask me to explain what each line of code does as we are all new to Sentinel so I would really appreciate your help with it.
Thank you so much
Caitlin
0 Likes
Reply