Nov 12 2019 10:46 AM - edited Nov 12 2019 11:14 AM
What is the URL to get to a specific Incident's Full Details page? The URL I get from my browser only takes me to the listing of Incidents. I thought I saw it listed here before but I cannot find it.
Nov 18 2019 11:52 AM
Nov 18 2019 01:06 PM
Nov 18 2019 01:51 PM
Hi @Gary Bushey, thank you for your feedback! Adding @Nicholas DiCola (SECURITY JEDI)
Nov 19 2019 08:43 AM
Dec 16 2019 12:30 PM
Great news, this has arrived!
Nicholas (I can't @ you, I get an "invalid HTML" error when I try to post) is there somewhere that release notes of changes like this are posted? Or even better a roadmap so we know what's coming? Knowing this was coming would have saved us a lot of time last week. The biggest thing we're eager for is when are Sentinel Incidents coming to the Graph API, we're investing a lot of time in making Logic Apps so we can interact with Incidents via the API from ServiceNow
Dec 16 2019 01:44 PM
weird on the @ ...
we normally announce things in the what new blade
Not everything will be announced as some are minor features.
Jan 02 2020 07:48 AM
@Gary Bushey If an incident is triggered by a Microsoft Service data connector > Incidents > View Full Details > ALERT ID > ExtendedLinks should contain two Href links - one might be the security policy ID and the other the Security Alert ID - if you navigate to the URL in the Security alert ID is this the link you were looking for?
Jan 02 2020 08:06 AM
@mevops Have you also found that this Incident Link is a bit useless? All it does is link you to the exact same page you would receive if you click the 'View full details' button underneath. It would be much more useful if it copied out the Microsoft Service alert href from the extended properties in the alert.
Jan 03 2020 03:01 AM
@jcheal while I think Sentinel does indeed need a link back to the original Alert, if there is one, in this case the URL provided does just what I wanted it to. I wanted to be able to put this URL into a Team's message so that users had a quick and easy way to get back to the Incident. Now it just needs to show up as a field in the Logic App's connector :)
Feb 04 2020 11:09 AM
May 12 2020 06:59 PM
@Gary Bushey - were you able to find a way to reference this URL in a LogicApp for posting into Teams or ServiceNow?
May 27 2020 01:50 PM
@ Nicholas DiCola (SECURITY JEDI)
As a Security Analyst I prefer to go to the original Dashboard (e.g. in case I receive an MCAS ord Defender Alert in Sentinel, I like to jump out of Sentinel and go to the original Dashboard, as I have more analysis option there). Is there an easy way to navigate to the Source Dashboard? I think it is not so user friendly to search for the url in the logs (Extended Links).
May 28 2020 05:30 AM
@CurlX I would suggest adding this to the Azure Sentinel feedback site: https://feedback.azure.com/forums/920458-azure-sentinel
May 29 2020 12:41 AM
Great point. I already found it written by someone else :)