HUIACE-4516 asked HUIACE-4516 edited

Sentinel alert and incident

Hi everyone, I am new to Sentinel. I know incidents can be made up of multiple alerts, and analytic rules can send out the alerts. Can a single alert be an incident?

microsoft-sentinel

1 Answer

vipulsparsh-MSFT answered HUIACE-4516 edited

@HUIACE-4516 Thanks for reaching out.

You can certainly have a single alert generating an incident. While making the analytic query, you can choose something like this:

[Image: 131065-image.png]

Let me know if you have any queries.



Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
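
As an added example (not part of the original answer, and not a transcription of its screenshot), this is how a one-alert-per-incident setup looks in the body of a scheduled analytics rule sent to the `Microsoft.SecurityInsights/alertRules` API. The rule name, description and KQL query are constructed placeholders.

```json
{
  "kind": "Scheduled",
  "properties": {
    "displayName": "EXAMPLE (constructed) - repeated sign-in failures",
    "description": "Constructed sample rule; name and query are placeholders.",
    "enabled": true,
    "severity": "Medium",
    "query": "SigninLogs | where ResultType != \"0\" | summarize Failures = count() by UserPrincipalName | where Failures > 10",
    "queryFrequency": "PT5M",
    "queryPeriod": "PT5M",
    "triggerOperator": "GreaterThan",
    "triggerThreshold": 0,
    "suppressionEnabled": false,
    "suppressionDuration": "PT5H",
    "tactics": ["CredentialAccess"],
    "eventGroupingSettings": {
      "aggregationKind": "SingleAlert"
    },
    "incidentConfiguration": {
      "createIncident": true,
      "groupingConfiguration": {
        "enabled": false,
        "reopenClosedIncident": false,
        "lookbackDuration": "PT5H",
        "matchingMethod": "AllEntities",
        "groupByEntities": []
      }
    }
  }
}
```

`eventGroupingSettings` controls how query results become alerts, while `incidentConfiguration` controls how alerts become incidents: with `createIncident` set to `true` and `groupingConfiguration.enabled` set to `false`, every alert the rule fires opens its own incident.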



Thank you so much, kind man. If it's not too much trouble, could you help me with another question that I posted? This is the link: https://docs.microsoft.com/en-us/answers/questions/549479/sentinel-incident-and-alert.html
