Ely_AbramovitchFormer EmployeeJoined Apr 16, 202011 Posts32 LikesLikes received2 SolutionsView All Badges
Recent DiscussionsMost RecentNewest TopicsMost LikesSolutionsTagged:TagRe: Get entities for a Sentinel Incidient by APIHi Jeroen, Adding entities to incidents is indeed planned. Stay tuned for updates on our blog for this. In the man time, another route you can take is by adding bookmarks to entities. In a bookmark you can map an entity and add it to the incident. Once you do, the entity will be added as well. Thanks, ElyRe: Custom Entities Hi,Thijs Lecomte This is Ely from the product group. Supporting more entities as part of scheduled alerts is indeed required and planned. We are working on a solution to support a more flexible way to map entities that will support more entity types and more fields for each entity. The requirement for supporting arrays is a bit different and will require some thought. A short-term solution can be to use the mv-expand operator to create a line for each IP address and then map them using the regular way. You can then use the Alert Grouping feature (now available in public preview) to make sure you group the alerts as to not generate too many incidents. Re: MDATP Full Telemetry Ingestion Hi kylemiller061 I'm Ely from the product group. Getting MDATP data to Sentinel is indeed part of our roadmap and planned for the next few month Thanks,
Recent Blog ArticlesNewest TopicsMost LikesTagged:TagWhat’s new: incident expansion – relate alerts to incidents Expand the scope of your investigation and track sophisticated attacks with Microsoft Sentinel What's new: Similar incidents in Microsoft Sentinel Uncover connections to other incidents that are similar to the one you are investigating with the new Similar incidents feature What's new: Azure Sentinel new onboarding/offboarding API A new centralized API to onboard and offboard to Azure Sentinel to simplify deployments and management What’s new: Incident timeline New timeline UI element to help analysts get context on incidents fast and help with building the incident timeline. What’s new: Automation rules Streamline your automation usage in Azure Sentinel with the new Automation Rules, making your SOC more efficient and effective. Whats new: Azure Sentinel and Microsoft 365 Defender incident integration Harness the breadth and depth of integrated SIEM and XDR with new Microsoft 365 integration What's new: Azure Sentinel and Microsoft Defender ATP improved alert integration Improved alert integration with Microsoft Defender ATP to facilitate and expedite triage and investigation of MDATP incidents in Azure Sentinel.
