What's New: Tags column is now available in Azure Sentinel incidents page!

Microsoft

Hello everyone,


We are happy to share with you a small but important improvement we added to our incidents blade – a new tag column is now available as part of the Incidents list!

 

Tags are an integral part of the triaging process so we are now exposing them in a new column of the incident list. This improvement allows users to get informed about the tags that are related to the incidents without having to pivot to the incident preview page or full details. Every second counts, right? 

 


3 Replies

Hi @Cristhofer Munoz, is it possible to search for these tags via KQL?

 

Specifically I am running a search of security incidents this year, and I would like to 'not' include any tickets with an 'auto close' tag. This would provide me with a list and number of tickets by 'humans' in my team rather than including ones closed by playbooks and automation etc.

 

Cheers.



Labels == Tags

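SecurityIncident
// Labels is the dynamic column that holds the incident's tags
| extend Tags = parse_json(Labels)
// Tags[0] is the first tag only; an incident can carry several
| extend labelName_ = tostring(Tags[0].labelName)
// keep incidents whose first tag has a name
| where isnotempty(labelName_)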
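
An added example, not part of the reply above: one way to run the search asked about in this thread, excluding every incident that carries a given tag wherever it sits in the Labels array. The tag text "auto close" is taken from the question; using the latest record per incident and filtering on CreatedTime for "this year" are assumptions.

```kql
// Assumption: the tag to exclude is spelled exactly as in the question.
let excludedTag = "auto close";
// SecurityIncident logs a new row on every change to an incident,
// so keep only the most recent row for each incident.
let latest = SecurityIncident
    | where CreatedTime >= startofyear(now())
    | summarize arg_max(TimeGenerated, *) by IncidentNumber;
// Incidents that carry the tag in any position of the Labels array.
let tagged = latest
    | mv-expand Label = Labels
    | where tostring(Label.labelName) =~ excludedTag   // case-insensitive match
    | distinct IncidentNumber;
// Everything else, including incidents that have no tags at all.
latest
| where IncidentNumber !in (tagged)
| project IncidentNumber, Title, Severity, Status,
          Owner = tostring(Owner.assignedTo), Labels
```

Appending `| summarize Incidents = count() by Owner` to the final query turns the list into a count per assignee.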