User Profile
karacole
Joined 8 years ago
Recent Discussions
Re: Incident Investigation question
GaryBushey This might be due to the new Event Aggregation feature that was released into Public Preview today. This feature is meant to help you reduce the noise in your Azure Sentinel incidents queue. Today, each alert generated from a scheduled Analytics rule creates a new Azure Sentinel incident. Using the new ‘Incident Configuration’ tab in the Analytics rule wizard, you can configure how alerts generated by that Analytics rule are aggregated into incidents. You can also decide to run scheduled alerts that do not generate an incident at all – but are only saved in the SecurityAlert table in your Azure Sentinel workspace.
2.5K Views, 0 likes, 2 Comments
Re: Possible bug with an Incident Closed comment on Details page
Hi. I tested this as well and believe I see what you are experiencing. The comments as to why something is closed are only visible when you select alerts, bookmarks, and entities. When you select comments, the reason for closing the incident is shown but the comments of why are no longer visible. I will put in a request to look into this.
945 Views, 0 likes, 0 Comments