cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Manage Microsoft 365 Defender Alerts in Azure Sentinel

mathurin68
Brass Contributor

‎Jan 28 2022 02:00 PM

‎Jan 28 2022 02:00 PM

Manage Microsoft 365 Defender Alerts in Azure Sentinel

We're trying to find a way to manage the 'out of the box' alerts that come with Defender 365 about 95% of which are FP.  Is there a way to build some sort of dashboard in Sentinel with alerts?  I don't mean incidents, we aren't there yet, I just mean alerts?  

 

Preferably, with enough information about the alert that the analyst can make a quick decision and move on... 

 

Thanks!! 

Labels:
1,242 Views
0 Likes
2 Replies
Reply
2 Replies
digitalohm

‎Jan 28 2022 02:45 PM

‎Jan 28 2022 02:45 PM

Re: Manage Microsoft 365 Defender Alerts in Azure Sentinel

Hey there. Check out the Active Alerts Workbook at https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workbooks/Azure%20Defender%20Active%...

That might be a good place to start as you can edit the workbook to see all the KQL involved and adjust to taste.
0 Likes
Reply
mathurin68

‎Jan 31 2022 06:31 AM

‎Jan 31 2022 06:31 AM

Re: Manage Microsoft 365 Defender Alerts in Azure Sentinel

@digitalohm - thank you!
0 Likes
Reply