Hello folks,

I am trying to stream the vulnerabilities in MDE and MDFC as an alert (or incident), basically something that can be assigned to an analyst to work upon.

I tried using custom detection rule in the defender portal (using the DevicTvm tables), and it seems that 'Report ID' is missing to get it created, has anyone experienced anything like this? The same goes when I try to create an alert through a logic app for a MDFC vulnerability recommendation.

Appreciate your inputs.