šØ Attention SecOps Analysts! Big news from Microsoft Sentinel this month! We’ve implemented a pivotal change in how incidents are created from analytic rules under specific conditions. š ļø
This update affects analytic rules where Event Grouping is set to ‘Trigger an alert for each event’ and Alert grouping is enabled. While it may influence the behavior of automation rules and incident schema in playbooks, the goal is clear: to provide incidents with more comprehensive information and streamline automation.
š„ To clarify this change, I’ve created an illustrative video explaining the execution behavior of analytic rules before and after this update, check out my LinkedIn post by clicking the button below.
Your feedback is invaluable, so please watch and share your thoughts!