Dec 27 2022 01:03 PM - edited Dec 28 2022 08:38 AM
We have a few domain names detected by this rule, and the domain names are mentioned in Microsoft Threat Intelligence. But the device action for the domain names is Sinkhole. We are receiving multiple incidents for the same domain names, and this is not a customizable rule. How can the incident noise be reduced for this scenario? @Rod Trent have you got any solution for this?
Dec 29 2022 08:29 AM