A new feature in Preview has just rolled out into customers’ Microsoft Sentinel environments that has become one of the more popular asks and more evidence that the Microsoft teams work hard to deliver on customer requests.
If you’ve ever felt that you needed just a bit more capability for Automation Rules, there are now advanced conditions available.
With the new capability, you can create multiple levels of both simple (at least two) and complex conditions for quickly automating responses to incoming Microsoft Sentinel Incidents.
The Docs have been updated already to reflect the changes:
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Weekly Microsoft Defender Newsletter]
[Learn KQL with the Must Learn KQL series and book]