A new, expanded capability has now been made public (in preview) in the Analytics Rule wizard to help minimize noise through alert grouping alignment.
Azure Sentinel customers can now group alerts by all V3 entity types, custom fields, and by dynamic Severity and Status.
This feature is accessed through the Analytics Rule wizard on the Incident settings (Preview) page.
=========================
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Azure Sentinel Newsletter]
You must log in to post a comment.