It sure would be nice for Sentinel to report what user accounts generated Alerts

jsebast1245 · ‎Apr 02 2020

Sentinel's main screen is reporting 15 alerts for me during the last 24 hours. I click on the Alerts count and it drops me into Log Analytics and runs the Alerts query. Great.

The results show things like this.

Cool, this is all useful information. If I open any of these, there is no information on what user generated the issue or what file was edited. Would not the next logical step be for me to find out from the user that generated these alerts what they were doing to cause the alert to fire?

Ofer_Shezaf · ‎May 12 2020

@jsebast1245: You might want to start with the incidents screen which will provide more information on the latest incidents, including the relevant entities.

jsebast1245 · ‎Jun 17 2020

Still doesn't seem very useful to me:

There are links to alerts and events but no info on what the actual action taken by AntiMalWare was which is really the information I'd expect this all to produce for me and which is what I'd be interesting in knowing from this incident.

It sure would be nice for Sentinel to report what user accounts generated Alerts

It sure would be nice for Sentinel to report what user accounts generated Alerts

Re: It sure would be nice for Sentinel to report what user accounts generated Alerts

Re: It sure would be nice for Sentinel to report what user accounts generated Alerts

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

It sure would be nice for Sentinel to report what user accounts generated Alerts

It sure would be nice for Sentinel to report what user accounts generated Alerts

Re: It sure would be nice for Sentinel to report what user accounts generated Alerts

Re: It sure would be nice for Sentinel to report what user accounts generated Alerts