cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft sentinel Incident entities mapping not showing some alert fields

TAMMM
Copper Contributor

‎Feb 26 2024 12:45 PM

‎Feb 26 2024 12:45 PM

Microsoft sentinel Incident entities mapping not showing some alert fields

Hello,

 

I am working on the rule "Attempt to bypass conditional access rule in Azure AD" that only show Account entity. I modified the rule to add an IP entity named "IPAddresses" that content a set of IPAddresses (this field  was built with make_list fonction).

 

But unfortunately this content does not appear in entities area .

 

Can you help me please !

you can simulate the case with the rule i mentioned above.

 

 

Labels:
243 Views
0 Likes
1 Reply
Reply
1 Reply
Clive_Watson

‎Feb 27 2024 03:35 AM

‎Feb 27 2024 03:35 AM

Re: Microsoft sentinel Incident entities mapping not showing some alert fields

This is now called: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Entra%20ID/Analytic%20Rule...

You can see that the standard rule if deployed from the YAML will map IP Address without amending it.
0 Likes
Reply