User Profile
ryanksmith
Copper Contributor
Joined 6 years ago
Recent Discussions
Query Alert Status and Assigned User
Looking to query alerts/incidents that have not been assigned/picked up or to look at the current status (New/In Progress) to detect and alert on stale events. I use the following query to generate a list of all the SOC events the staff are looking at but I do not see a User or Status field. Does anyone have an answer or workaround to this one?

SecurityAlert
| where ProviderName == 'ASI Scheduled Alerts' or ProviderName == 'CustomAlertRule'

7.8K Views, 0 likes, 10 Comments

Azure Sentinel Logic App write back to comment
Hi All, I am trying to write the output of an HTTP GET (which works) to a comment in Sentinel. From my review it appears as if the IDs and Groups are set correctly, but I am getting a Bad Request. Has anyone had any success writing back to comments (yes, I know this is preview)?

4.9K Views, 0 likes, 10 Comments