For information about feature availability in US Government clouds, see the Microsoft Sentinel tables in Cloud feature availability for US Government customers.

As a Security Operations Center (SOC) manager, you need to have overall efficiency metrics and measures at your fingertips to gauge the performance of your team. You'll want to see incident operations over time by many different criteria, like severity, MITRE tactics, mean time to triage, mean time to resolve, and more.

Microsoft Sentinel now makes this data available to you with the new SecurityIncident table and schema in Log Analytics and the accompanying Security operations efficiency workbook. You'll be able to visualize your team's performance over time and use this insight to improve efficiency. You can also write and use your own KQL queries against the incident table to create customized workbooks that fit your specific auditing needs and KPIs.

The SecurityIncident table is built into Microsoft Sentinel. You'll find it with the other tables in the SecurityInsights collection under Logs. You can query it like any other table in Log Analytics. Every time you create or update an incident, a new log entry will be added to the table.
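Because every create or update appends a row, a query against SecurityIncident must first collapse the history down to the latest row per incident before computing metrics, or open incidents and repeated updates will skew the averages. The KQL below is an added example, not code from the original page or from the Security operations efficiency workbook; it computes mean time to triage and mean time to resolve per severity over the last 30 days. It assumes FirstModifiedTime is an acceptable proxy for "first triaged", and the 30-day window and severity grouping are illustrative choices.

```kql
// Added example (not from the original page or the Sentinel workbook).
// Mean time to triage (MTTT) and mean time to resolve (MTTR) per severity.
// Assumption: FirstModifiedTime is used as the triage timestamp; the
// 30-day window is illustrative.
SecurityIncident
| where TimeGenerated > ago(30d)
// Each create/update appends a row, so keep only the latest row per incident
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| extend
    TriageMinutes  = datetime_diff('minute', FirstModifiedTime, CreatedTime),
    ResolveMinutes = datetime_diff('minute', ClosedTime, CreatedTime)
| summarize
    Incidents            = count(),
    Closed               = countif(Status == "Closed"),
    MeanTimeToTriageMin  = avg(TriageMinutes),
    // ClosedTime is null for open incidents, so only closed ones count toward MTTR
    MeanTimeToResolveMin = avgif(ResolveMinutes, Status == "Closed")
    by Severity
| order by Severity asc
```

To slice the same metrics by MITRE tactic instead of severity, the tactics list carried in the AdditionalData dynamic column can be expanded with mv-expand before the final summarize; whether that column holds a tactics array in your tenant should be confirmed against the table schema first, since that detail is not stated on this page.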