articles/sentinel/bookmarks.md
Lines changed: 5 additions & 6 deletions
@@ -26,9 +26,8 @@ Hunting bookmarks in Microsoft Sentinel helps you preserve the queries and query
26
26
Create a bookmark to preserve the queries, results, your observations, and findings.
27
27
28
28
1. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Threat management** select **Hunting**.<br> For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Threat management** > **Hunting**.
29
-
1. From the **Hunting** tab, select a hunt.
30
-
1. Select one of the hunting queries.
31
-
1. In the hunting query details, select **Run Query**.
29
+
1. From the **Queries** tab, select one or more of the hunting queries.
30
+
1. From the top command bar, select **Run selected queries**.
32
31
33
32
1. Select **View query results**. For example:
34
33
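Review bot: The new step "select one or more of the hunting queries" leaves the unchanged follow-on step "Select **View query results**" ambiguous, because after **Run selected queries** with several queries selected the reader is not told which query's results that step opens. Suggest adding a clause such as "select the query whose results you want to bookmark, then select **View query results**". The new steps also do not say whether the **Queries** tab and **Run selected queries** apply to both portals named in the first step, which matters because a later step in this change is scoped to the Azure portal only.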
@@ -38,7 +37,7 @@ Create a bookmark to preserve the queries, results, your observations, and findi
38
37
39
38
1. From the log query results list, use the checkboxes to select one or more rows that contain the information you find interesting.
40
39
41
-
1.Select**Add bookmark**:
40
+
1.In Azure portal, select**Add bookmark**:
42
41
43
42
:::image type="content" source="media/bookmarks/add-hunting-bookmark.png" alt-text="Screenshot of adding hunting bookmark to query." lightbox="media/bookmarks/add-hunting-bookmark.png":::
44
43
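Review bot: The added step scopes **Add bookmark** to the Azure portal but gives no instruction for the Defender portal, even though the first step of this procedure sends readers to either portal. An analyst following the Defender portal path reaches this step with nothing to do, so either add the Defender portal equivalent or state that bookmarks are created from the Azure portal experience only. Minor wording: "In Azure portal" should read "In the Azure portal", matching the phrasing used in the first step.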
@@ -56,7 +55,7 @@ Create a bookmark to preserve the queries, results, your observations, and findi
56
55
57
56
1. Select **Save** to commit your changes and add the bookmark. All bookmarked data is shared with other analysts, and is a first step toward a collaborative investigation experience.
58
57
59
-
The log query results support bookmarks whenever this pane is opened from Microsoft Sentinel. For example, you select **General** > **Logs** from the navigation bar, select event links in the investigations graph, or select an alert ID from the full details of an incident. You can't create bookmarks when the **Logs** pane is opened from other locations, such as directly from Azure Monitor.
58
+
The log query results support bookmarks whenever this pane is opened from Microsoft Sentinel. For example, if you select **General** > **Logs** from the navigation bar, select event links in the investigations graph, or select an alert ID from the full details of an incident. You can't create bookmarks when the **Logs** pane is opened from another location, such as directly from Azure Monitor.
60
59
61
60
## View and update bookmarks
62
61
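Review bot: Inserting "if" in "For example, if you select **General** > **Logs** ..." turns the sentence into a fragment: it is now a conditional clause with no main clause. Either drop the "if" again or complete the sentence, for example "For example, bookmarks are available if you select **General** > **Logs** from the navigation bar, ...". The change from "other locations" to "another location" in the last sentence reads fine.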
@@ -86,7 +85,7 @@ For instructions to use the investigation graph, see [Use the investigation grap
86
85
87
86
## Add bookmarks to a new or existing incident
88
87
89
-
Add bookmarks to an incident from the bookmarks tab on the **Hunting** page.
88
+
Add bookmarks to an incident from the bookmarks tab on the **Hunting** page.
90
89
91
90
1. From the **Bookmarks** tab, select the bookmark or bookmarks you want to add to an incident.
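Review bot: The removed and added lines for "Add bookmarks to an incident from the bookmarks tab on the **Hunting** page." read identically as rendered, so this looks like a whitespace-only edit. Please confirm it is intentional (for example, trailing whitespace removal) and mention it in the commit message, or drop it from the change. Since the line is being touched anyway, consider "the **Bookmarks** tab" so the UI label matches the bolded name used in the next step.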