A recently released feature for Defender for Cloud allows security teams to capture the raw alert data for further investigation.
To do this…
 Locate the Security Alert from which you want the alert and click the Copy alert JSON link.
 Paste the JSON from the clipboard to another location. I’m using Notepad…
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Bi-Weekly Defender for Cloud Newsletter]
[Learn KQL with the Must Learn KQL series and book]