Rich Microsoft Sentinel Notifications in Teams: Notify and take action!

  • Published on 1 Jan 2025

Comments • 8

  • @progod6017
    1 year ago +1

    Just lemme say I really appreciate your content.

  • @COii3153
    8 months ago

    Kudos to you mate, great high level tutorial. Implementing similar to gather response for risky users :).

  • @adventuresofa9jaguy322
    1 year ago

    Please can you create a tutorial showing how you created the hosts design in Logic Apps? Been struggling with it.

  • @progod6017
    1 year ago

    One question: do you believe that users should be given the option to isolate a machine?
    The adaptive card may not provide all the info available, so I was thinking: maybe the user should investigate the incident in Sentinel before he gets to isolate a VM.

  • @progod6017
    1 year ago

    The bi-directional sync between Sentinel & Defender 365 does certainly synchronize all incidents on both sides.
    However, even if all alerts of one incident get closed in Security Center (Defender), the Sentinel incident will still be open.
    Do you know any fast fix for this?
    I'm currently working on a playbook to mitigate this discomfort.
    If you want, we can link up on Teams and talk.

  • @remydepoorter
    1 year ago

    How to deploy content hub solutions quickly with a script?

    • @YourDistantCuzn
      1 year ago

      Turn on the repository feature in Sentinel