I have been banging my head against the wall to understand why i had so many closed incidents. This is exactly what I needed. That summarize line saved me! Thanks for the explanation and the line i needed to get the data im looking for!
You may want to check the guidance here and the curated data to setup labs on sentinel : techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-to-go-part1-a-lab-w-prerecorded-data-amp-a-custom/ba-p/1260191
I have been banging my head against the wall to understand why i had so many closed incidents. This is exactly what I needed. That summarize line saved me! Thanks for the explanation and the line i needed to get the data im looking for!
Had a try, a great and simple feature to use. Thanks for the update!
Was waiting for this feature, thanks!
For me, the SecurityIncident table was located under Azure Sentinel
Where can I get sample ingest data to import to Azure Sentinel and run labs for that queries?
You may want to check the guidance here and the curated data to setup labs on sentinel : techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-to-go-part1-a-lab-w-prerecorded-data-amp-a-custom/ba-p/1260191