Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

It sure would be nice for Sentinel to report what user accounts generated Alerts

Copper Contributor

Sentinel's main screen is reporting 15 alerts for me during the last 24 hours.  I click on the Alerts count and it drops me into Log Analytics and runs the Alerts query.  Great.

The results show things like this.



Cool, this is all useful information.  If I open any of these, there is no information on what user generated the issue or what file was edited.  Would not the next logical step be for me to find out from the user that generated these alerts what they were doing to cause the alert to fire? 

2 Replies

@jsebast1245: You might want to start with the incidents screen which will provide more information on the latest incidents, including the relevant entities.  

Still doesn't seem very useful to me:






There are links to alerts and events but no info on what the actual action taken by AntiMalWare was which is really the information I'd expect this all to produce for me and which is what I'd be interesting in knowing from this incident.