Hi everyone, I am new to Sentinel. I know incidents can be made up of multiple alerts, and analytic rules can send out the alerts. Can a single alert be an incident?
@HUIACE-4516 Thanks for reaching out.
You can certainly have a single alert generating an incident. While making the analytic query, you can choose something like this:

Let me know if you have any queries.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
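The incident settings this answer refers to can also be set in the request body of a scheduled analytics rule, shown here as an added example that is not part of the original answer or its screenshot. The rule name, query and time windows are constructed placeholders; with `createIncident` set to `true` and alert grouping disabled, every alert the rule fires opens its own incident.

```json
{
  "kind": "Scheduled",
  "properties": {
    "displayName": "EXAMPLE - repeated failed sign-ins (constructed)",
    "description": "Constructed example rule: each alert becomes its own incident because alert grouping is disabled.",
    "severity": "Medium",
    "enabled": true,
    "query": "SigninLogs | where ResultType != \"0\" | summarize Failures = count() by UserPrincipalName | where Failures > 10",
    "queryFrequency": "PT1H",
    "queryPeriod": "PT1H",
    "triggerOperator": "GreaterThan",
    "triggerThreshold": 0,
    "suppressionEnabled": false,
    "suppressionDuration": "PT1H",
    "eventGroupingSettings": {
      "aggregationKind": "SingleAlert"
    },
    "incidentConfiguration": {
      "createIncident": true,
      "groupingConfiguration": {
        "enabled": false,
        "reopenClosedIncident": false,
        "lookbackDuration": "PT5H",
        "matchingMethod": "AllEntities"
      }
    }
  }
}
```

Setting `groupingConfiguration.enabled` to `true` instead merges alerts that match within `lookbackDuration` into one incident, which is how an incident ends up holding multiple alerts.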
Thank you so much, kind man. If it's not too much trouble, could you help me with another question that I posted? This is the link:
[1]: https://docs.microsoft.com/en-us/answers/questions/549479/sentinel-incident-and-alert.html