Security pros get ability to manually add incidents to Microsoft Sentinel
Reports of such malicious events can come from a range of sources, and those that are identified by security event and incident management and extended detection and response systems are automatically collected into alerts, which then become incidents.
Given that, Microsoft is introducing a feature to Sentinel that enables security analysts to manually create an incident report and to manually delete the incident if needed.
"With the 'manual incident creation' feature, analysts can now create an incident manually in the Sentinel portal and also by using the new 'Create incident' LogicApp action," she wrote.
Shechter wrote that two playbooks in the Sentinel template gallery will enable users to create out-of-the-box incidents that use the email template and Microsoft Forms, which will reduce the time between the SOC learning about the incident and when the incident is logged in Sentinel.
Incidents can be deleted either by using an API or the "Delete" button in the incidents grid, according to Shechter.
Shechter said the new capabilities for manually creating or deleting incidents are important for giving enterprises a more complete picture of the threats they face, and wrote that "More capabilities will be added to Sentinel to allow better case management, and to this feature: such as the ability to relate entities, relate alerts and add evidence."