You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/bookmarks.md
+6-5Lines changed: 6 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,6 @@ appliesto:
10
10
- Microsoft Sentinel in the Microsoft Defender portal
11
11
- Microsoft Sentinel in the Azure portal
12
12
13
-
14
13
#Customer intent: As a security analyst, I want to create and manage hunting bookmarks so that I can preserve and collaborate on relevant threat investigation data.
15
14
16
15
---
@@ -19,13 +18,16 @@ appliesto:
19
18
20
19
Hunting bookmarks in Microsoft Sentinel helps you preserve the queries and query results that you deem relevant. You can also record your contextual observations and reference your findings by adding notes and tags. Bookmarked data is visible to you and your teammates for easy collaboration. For more information, see [Bookmarks](hunting.md#bookmarks-to-keep-track-of-data).
21
20
21
+
>[!NOTE]
22
+
> Bookmarks can only be created in the Azure portal. While you can't add bookmarks in the Microsoft Defender portal, you can see bookmarks that were already created.
Create a bookmark to preserve the queries, results, your observations, and findings.
27
29
28
-
1.For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Threat management** select **Hunting**.<br> For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select**Microsoft Sentinel** > **Threat management** >**Hunting**.
1. From the **Queries** tab, select one or more of the hunting queries.
30
32
1. From the top command bar, select **Run selected queries**.
31
33
@@ -83,7 +85,7 @@ Visualize your bookmarked data by launching the investigation experience in whic
83
85
84
86
For instructions to use the investigation graph, see [Use the investigation graph to deep dive](investigate-cases.md#use-the-investigation-graph-to-deep-dive).
85
87
86
-
## Add bookmarks to a new or existing incident
88
+
## Add bookmarks to a new or existing incident (Azure portal only)
87
89
88
90
Add bookmarks to an incident from the bookmarks tab on the **Hunting** page.
89
91
@@ -103,7 +105,6 @@ Add bookmarks to an incident from the bookmarks tab on the **Hunting** page.
103
105
1. Select the incident with your bookmark and **View full details**.
104
106
1. On the incident page, in the left pane, select the **Bookmarks**.
105
107
106
-
107
108
## View bookmarked data in logs
108
109
109
110
View bookmarked queries, results, or their history.
0 commit comments