Security Incident Response form after alert ingestion

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute
  • After a Microsoft Graph Security API alert has been ingested, a security incident is created and the corresponding updates are made to the security incident record.

    Worknotes

    If you selected the Log work note for new alert option in the alert Aggregation Criteria, as described in Mapping alerts to security incident response fields, a work note is posted on the security incident each time an alert is aggregated to it.


    Microsoft Graph Security API: Log work note

    Click the alert link in the work note to open the internal alert import record, which holds the raw alert data as received from the Microsoft Graph Security API.


    Microsoft Graph Security API Alert Import Record

    Aggregated alerts

    Click Related Lists > Aggregated Microsoft Graph Security alerts to view the alerts that have been aggregated to the security incident.


    Microsoft Graph Security API: aggregated alerts
    • Create security incident: Select an alert from the list, click the Actions menu, and click Create security incident. This creates a new security incident for the selected alert and de-aggregates the alert from the parent security incident.
    • Delete alert record: Select an alert from the list, click the Actions menu, and click Delete. This deletes the alert record.
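The lifecycle described on this page (ingest, aggregate, post a work note, de-aggregate into a new incident, delete the alert record) as an added, in-memory model. This is example code written for this page, not ServiceNow's own implementation: the record classes, the AIMP/SIR numbering, the choice of match fields for the aggregation criteria, and the rule that a de-aggregated incident stops matching new alerts are all assumptions. The sample alerts are constructed and only borrow a few field names from the Microsoft Graph Security API alert schema.

```python
"""Model of alert ingestion and aggregation into security incidents.

Added example, not ServiceNow code. Record shapes, numbering and the
aggregation rules below are assumptions made for illustration only.
"""
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample alerts (shape loosely follows Graph Security API alerts).
SAMPLE_ALERTS = [
    {"id": "alert-001", "title": "Suspicious sign-in", "severity": "high",
     "category": "CredentialAccess", "vendorInformation": {"provider": "IPC"}},
    {"id": "alert-002", "title": "Password spray", "severity": "medium",
     "category": "CredentialAccess", "vendorInformation": {"provider": "IPC"}},
    {"id": "alert-003", "title": "Malware detected", "severity": "high",
     "category": "Malware", "vendorInformation": {"provider": "MDATP"}},
]


@dataclass
class AlertImport:
    """Internal alert import record holding the raw alert payload."""
    number: str
    alert_id: str
    raw: str


@dataclass
class SecurityIncident:
    number: str
    aggregation_key: Optional[str]          # None: never auto-matched again
    aggregated_alerts: List[str] = field(default_factory=list)
    work_notes: List[str] = field(default_factory=list)


@dataclass
class AggregationCriteria:
    # Assumed match fields; the real criteria are configured in the UI.
    match_fields: tuple = ("category", "vendorInformation.provider")
    log_work_note_for_new_alert: bool = True


def _get_path(obj: dict, dotted: str):
    cur = obj
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


class Store:
    def __init__(self, criteria: AggregationCriteria):
        self.criteria = criteria
        self.imports: Dict[str, AlertImport] = {}
        self.incidents: Dict[str, SecurityIncident] = {}
        self._seq: Dict[str, int] = {}

    def _number(self, prefix: str) -> str:
        self._seq[prefix] = self._seq.get(prefix, 0) + 1
        return f"{prefix}{self._seq[prefix]:07d}"

    def aggregation_key(self, alert: dict) -> str:
        return "|".join(str(_get_path(alert, f)) for f in self.criteria.match_fields)

    def ingest(self, alert: dict) -> SecurityIncident:
        """Store the raw alert, then aggregate it or open a new incident."""
        imp = AlertImport(self._number("AIMP"), alert["id"], json.dumps(alert, sort_keys=True))
        self.imports[imp.number] = imp
        key = self.aggregation_key(alert)
        target = next((i for i in self.incidents.values() if i.aggregation_key == key), None)
        if target is None:
            target = SecurityIncident(self._number("SIR"), key)
            self.incidents[target.number] = target
            target.aggregated_alerts.append(imp.number)
            return target
        target.aggregated_alerts.append(imp.number)
        # Assumption: the work note is posted for alerts added to an existing incident.
        if self.criteria.log_work_note_for_new_alert:
            target.work_notes.append(f"Alert {alert['id']} aggregated (import record {imp.number})")
        return target

    def create_security_incident_from(self, parent_number: str, import_number: str) -> SecurityIncident:
        """De-aggregate one alert from its parent and open a new incident for it."""
        parent = self.incidents[parent_number]
        parent.aggregated_alerts.remove(import_number)
        child = SecurityIncident(self._number("SIR"), None, [import_number])
        self.incidents[child.number] = child
        return child

    def delete_alert_record(self, import_number: str) -> None:
        """Delete the alert import record and drop it from any incident's list."""
        del self.imports[import_number]
        for inc in self.incidents.values():
            if import_number in inc.aggregated_alerts:
                inc.aggregated_alerts.remove(import_number)


if __name__ == "__main__":
    store = Store(AggregationCriteria())
    for a in SAMPLE_ALERTS:
        inc = store.ingest(a)
        print(inc.number, inc.aggregated_alerts, inc.work_notes)
```

Ingesting the three constructed alerts yields two incidents: alert-001 and alert-002 share an aggregation key and land on one incident with a work note for the second alert, while alert-003 opens another. Calling create_security_incident_from on the first incident removes the chosen import record from its list and returns a fresh incident holding only that record.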