Did you know you can manually create an Incident in Azure Sentinel through the UI? Some folks don’t, so I thought it might be useful to know how this works.
In the Hunting blade, locate a Hunting query and run it. Locate one that has results and the click the View Results option.
In the query results window, select rows of data and then create Bookmarks from those rows.
Jump back to the Bookmarks tab in the Hunting blade. Locate the newly created bookmarks and choose to add them to a New Incident.
Here’s an example of a manually created Incident.
=========================
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Azure Sentinel Newsletter]
You must log in to post a comment.