Skip to content

Commit ab73ca7

Browse files
limwainsteinlimwainstein
committed
Final changes
1 parent e292836 commit ab73ca7

File tree

1 file changed

+1
-3
lines changed

1 file changed

+1
-3
lines changed

articles/sentinel/get-visibility.md

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ In this article, you will learn how to quickly be able to view and monitor what'
1313

1414
## Get visualization
1515

16-
To visualize and get analysis of what's happening on your environment, first, take a look at the overview dashboard to get an idea of the security posture of your organization. You can click on each element of these tiles to drill down to the raw data from which they are created. To help you reduce noise and minimize the number of alerts you have to review and investigate, Microsoft Sentinel uses a fusion technique to correlate alerts into incidents. **Incidents** are groups of related alerts that together create an actionable incident that you can investigate and resolve.
16+
To visualize and get analysis of what's happening on your environment, first, take a look at the overview dashboard to get an idea of the security posture of your organization. To help you reduce noise and minimize the number of alerts you have to review and investigate, Microsoft Sentinel uses a fusion technique to correlate alerts into incidents. **Incidents** are groups of related alerts that together create an actionable incident that you can investigate and resolve.
1717

1818
In the Azure portal, select Microsoft Sentinel and then select the workspace you want to monitor.
1919

@@ -32,8 +32,6 @@ You see different types of incident data under **Incidents**.
3232
- On the bottom left, a graph breaks up the incident status by creation time, in four hour intervals.
3333
- On the bottom right, you can see the mean time to acknowledge an incident and mean time to close, with a link to the SOC efficiency workbook.
3434

35-
Check to see that there isn't a dramatic increase or drop in the number of incidents. If there is a drop, it could be that a connection stopped reporting to Microsoft Sentinel. If there is an increase, something suspicious may have happened. Check to see if you have new alerts.
36-
3735
### View automation data
3836

3937
You see different types of automation data under **Automation**.

0 commit comments

Comments
 (0)