HUIACE-4516 asked vipulsparsh-MSFT answered

Sentinel incident trigger

Hi folks

I’m new to Sentinel. After going through the documentation, I have a few questions regarding the incident trigger.
So, according to the Microsoft Sentinel documentation:
“Playbooks with this trigger do not support alert grouping, meaning they will receive only the first alert sent with each incident.”

Why does the incident trigger not support alert grouping, and why will they only receive the first alert? Thank you so much, I just can’t get my head around this concept.
Cheers

microsoft-sentinel

1 Answer

vipulsparsh-MSFT answered

@HUIACE-4516 Thanks for reaching out.

This is more of a known limitation, and the product group might make some changes in the future.
You can always use the alert trigger to group the alerts and perform automation.

Do you have any specific scenario in mind which is causing the roadblock?


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
