Hi,
Can someone help me how to achieve this.
We configured azure sentinel to auto-create incidents in the incident table ( we do not have sec-ops).
Incidents are being created, however, I want to capture the sentinel incident number in custom field u_sentinel_number for reporting purpose.
The sentinel incident number is always captured in the end of the short description of the incident.
example of short description" SignInLogs(Nxxxxxxxoks-xxxxxxxxxg-With-MSFT) - Incident number: 3**6
