Ingest sample alerts from your Microsoft Azure tenant.
Before you begin
Role required: sn_si.admin
Procedure
- You can either pull the 5 most recent sample alerts or provide the unique alert IDs for the specific alerts that you want to use for your mapping experience. From the Ingestion Preference list, select one of the following:
  - Retrieve most recent alerts: The 5 most recent alerts are retrieved.
  - Select alerts based on alerts ID: Specify the alert ID for the alerts to be retrieved. You can specify a maximum of 5 alert IDs separated by commas.
- Select Fetch Sample Data to pull the latest sample alert data from the Microsoft Azure tenant. The pull for sample alerts may take a few moments.
  When the profile ingests the sample alerts, their field values are populated on the left side of the form. These are the alerts that you map to the SIR security incident fields. The alert fields and their values are displayed as individual tabs.
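The "Select alerts based on alerts ID" option accepts a comma-separated list of at most 5 alert IDs. The following is an added example, not ServiceNow or Microsoft code, of a small client-side check that normalises and validates such a list before the fetch is triggered: it trims whitespace, drops empty entries left by stray commas, rejects duplicates and enforces the documented limit of 5. The per-ID format rule (no whitespace inside an ID) and the function name `parseAlertIdList` are assumptions, not part of the page.

```javascript
// Added example (not ServiceNow or Microsoft code): validate the
// "Select alerts based on alerts ID" input before fetching sample data.
// The limit of 5 IDs, separated by commas, comes from the procedure above.
// The rule that an individual ID contains no whitespace is an assumption.
const MAX_SAMPLE_ALERT_IDS = 5;

function parseAlertIdList(input) {
  if (typeof input !== 'string') {
    return { ok: false, ids: [], errors: ['input must be a string'] };
  }
  const errors = [];
  const seen = new Set();
  const ids = [];

  input.split(',').forEach((raw, idx) => {
    const id = raw.trim();
    if (id === '') {
      // Tolerate "a1,,a2" or a trailing comma: skip the empty entry.
      return;
    }
    if (/\s/.test(id)) {
      errors.push('entry ' + (idx + 1) + ' contains whitespace: "' + id + '"');
      return;
    }
    if (seen.has(id)) {
      errors.push('duplicate alert ID: "' + id + '"');
      return;
    }
    seen.add(id);
    ids.push(id);
  });

  if (ids.length === 0 && errors.length === 0) {
    errors.push('no alert IDs supplied');
  }
  if (ids.length > MAX_SAMPLE_ALERT_IDS) {
    errors.push('too many alert IDs: ' + ids.length +
                ' (maximum ' + MAX_SAMPLE_ALERT_IDS + ')');
  }
  return { ok: errors.length === 0, ids: ids, errors: errors };
}

// Constructed sample input (not real alert IDs): one duplicate and a stray comma.
const sampleResult = parseAlertIdList('alert-001, alert-002,,alert-001');
console.log(JSON.stringify(sampleResult));
// → {"ok":false,"ids":["alert-001","alert-002"],"errors":["duplicate alert ID: \"alert-001\""]}
```

Only the `ids` array of a result with `ok === true` should be joined back with commas and submitted; a result with errors should be surfaced to the analyst rather than silently truncated, so that the 5 alerts used for mapping are exactly the ones intended.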
What to do next
After you have fetched the sample data, the next step is to map the alert fields to the security incident fields.