Investigation Graph through the Hunting Blade?

Hi all, 

Is there a way to use the investigation graph through the hunting queries?
I have created a hunting query to find when users are assigned Azure AD roles outside of PIM, with the associated entities (account, IpAddress). Can I investigate with the graph directly or do I have to create an analytic rule each time?

Kind regards, 

Emmanuel NGUYEN

4 Replies

@emmanuelnguyen You can save the results you care about as bookmarks and kick off the investigation from them.

@emmanuelnguyen

As part of the Hunt, save as a bookmark, then go to the Bookmark tab, and there is an Investigate button. https://docs.microsoft.com/en-us/azure/sentinel/bookmarks


Thank you so much!!

Thank you so much for the additional details!