Azure Sentinel Alert Grouping Upgraded to Include New Entity Types, Custom Fields, and More

A new, expanded capability has now been made public (in preview) in the Analytics Rule wizard to help minimize noise through alert grouping alignment.

Azure Sentinel customers can now group alerts by all V3 entity types, custom fields, and by dynamic Severity and Status.

New Alert Grouping Capabilities

This feature is accessed through the Analytics Rule wizard on the Incident settings (Preview) page.


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Azure Sentinel Newsletter]


Leave a Reply