Recent DiscussionsMost RecentNewest TopicsMost LikesSolutionsTagged:TagRe: Azure B2B guest users licensing question+1 Following postRe: MDE repeatable false positive "Multi-stage incident involving Privilege escalation..." How to fix?make sure you have access to existing TI projects. While creating a new one , it shows "accessible to Me" option.Re: MDE repeatable false positive "Multi-stage incident involving Privilege escalation..." How to fix?There is a section called Threat Intelligence. if you dont find it, try going to https://ti.defender.microsoft.com/projects?tab=team
Recent Blog ArticlesMost RecentMost LikesRe: Sending enriched Microsoft Sentinel alerts to 3rd party SIEM and Ticketing Systems Henry_Pieterse: After deployment of logic app, go to azure portal => logic app => propeties => outgoing Ips. You need to add these to allow communication Re: Sending enriched Microsoft Sentinel alerts to 3rd party SIEM and Ticketing Systems solman07 You can use the Automation in Azure Sentinel. Create a play book with incident trigger. Create an automation rule to file a playbook on incident creation. With in the playbook, with inc...Re: Sending enriched Azure Sentinel alerts to 3rd party SIEM and Ticketing Systems Hi Yash, We have to either use incident APIs or poll SecurityIncident table in senitnel connected workspace to get info of created/updated incidents and pass them to ITSM (assuming ITSM has RestAPIs...Re: Sending enriched Azure Sentinel alerts to 3rd party SIEM and Ticketing Systems HetashParmarYou can use Incident APIs available hee https://github.com/Azure/azure-rest-api-specs/tree/master/specification/securityinsights/resource-manager/Microsoft.SecurityInsightsto poll inci...Re: Sending enriched Azure Sentinel alerts to 3rd party SIEM and Ticketing Systems JanBakkerOrphanedPlease find the Arm template here :https://github.com/maheshmarthi/PublicSamples Re: Sending enriched Azure Sentinel alerts to 3rd party SIEM and Ticketing Systems HetashParmar. You have option to use Incident APIs available here. https://github.com/Azure/azure-rest-api-specs/tree/master/specification/securityinsights/resource-manager/Microsoft.SecurityInsi...Re: Sending alerts enriched with supporting events from Azure Sentinel to 3rd party SIEMs JanBakkerOrphaned, I have done some work on this. Below is the logic app over view Input is taken as a string it is the whole json fromhere(as you mentioned). Then I parsed i...Re: Sending alerts enriched with supporting events from Azure Sentinel to 3rd party SIEMs JanBakkerOrphaned, The Sentinel trigger brings the alert rule related data and running it on Log analytics using query extended options gets the events. So do you mean pushing data from Log analy...
