A recently released feature for Defender for Cloud allows security teams to capture the raw alert data for further investigation.
To do this…
[1] Locate the Security Alert whose raw data you want and click the Copy alert JSON link.

[2] Paste the JSON from the clipboard to another location. I’m using Notepad…
