cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Threat Intelligence Analytics

sachu245
Copper Contributor

‎Dec 27 2022 01:03 PM - edited ‎Dec 28 2022 08:38 AM

‎Dec 27 2022 01:03 PM - edited ‎Dec 28 2022 08:38 AM

Microsoft Threat Intelligence Analytics

We have few domain names detected from this rule and the  domain names are mentioned in the Microsoft Threat Intelligence. But the device action for the domain names is Sinkhole. We are receiving multiple incidents for the same domain names and this is not a customizable rule. How can the incident noise be reduced for this scenario ?  @Rod Trent have you got any solution for this ?

 

Labels:
897 Views
0 Likes
1 Reply
Reply
1 Reply
Rod_Trent

‎Dec 29 2022 08:29 AM

‎Dec 29 2022 08:29 AM

Re: Microsoft Threat Intelligence Analytics

Have you considered building a Watchlist with the reported domains?

https://learn.microsoft.com/en-us/azure/sentinel/watchlists-queries
0 Likes
Reply