Apr 02 2020 07:48 AM
Sentinel's main screen is reporting 15 alerts for me during the last 24 hours. I click on the Alerts count and it drops me into Log Analytics and runs the Alerts query. Great.
The results show things like this.
Cool, this is all useful information. If I open any of these, there is no information on what user generated the issue or what file was edited. Would not the next logical step be for me to find out from the user that generated these alerts what they were doing to cause the alert to fire?
May 12 2020 04:33 PM
@jsebast1245: You might want to start with the incidents screen which will provide more information on the latest incidents, including the relevant entities.
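One way to get at the same entity information without opening incidents one at a time is to query the SecurityAlert table directly. The KQL below is an added example, not code from the thread or from Microsoft; it assumes the standard SecurityAlert table with its Entities and ExtendedProperties columns (both JSON strings), and that entities use the usual "account", "host" and "file" type names with Name/HostName fields. Field names inside the JSON vary by alert provider, so the projected columns are best-effort.

```kql
// Added example (not from the thread): list the account, host and file entities
// attached to each alert from the last 24 hours, alongside the provider's
// extended properties, which is where product-specific details usually land.
// Assumes: SecurityAlert table; Entities is a JSON array whose objects carry
// a "Type" field ("account", "host", "file") and Name/HostName fields.
SecurityAlert
| where TimeGenerated > ago(24h)
| extend EntityList = parse_json(Entities)
| mv-expand Entity = EntityList
| extend EntityType = tolower(tostring(Entity.Type))
| extend Account = iff(EntityType == "account", tostring(Entity.Name), "")
| extend Host    = iff(EntityType == "host",    tostring(Entity.HostName), "")
| extend File    = iff(EntityType == "file",    tostring(Entity.Name), "")
| summarize
    Accounts = make_set_if(Account, isnotempty(Account)),
    Hosts    = make_set_if(Host,    isnotempty(Host)),
    Files    = make_set_if(File,    isnotempty(File))
    by SystemAlertId, TimeGenerated, AlertName, ProviderName, ExtendedProperties
| order by TimeGenerated desc
```

If a given provider does not populate the Entities array, the Accounts/Hosts/Files sets come back empty for that alert; in that case the ExtendedProperties column is the next place to look, since its contents are defined by the alert source rather than by Sentinel.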
Jun 17 2020 08:14 AM
Still doesn't seem very useful to me:
There are links to alerts and events, but no info on what action Antimalware actually took, which is really the information I'd expect all of this to produce for me and what I'd be interested in knowing from this incident.