articles/sentinel/bookmarks.md
4 additions & 4 deletions
@@ -31,7 +31,7 @@ Currently in preview, if you find something that urgently needs to be addressed
31
31
32
32
Also in preview, you can visualize your bookmarked data, by clicking **Investigate** from bookmark details. This launches the investigation experience in which you can view, investigate, and visually communicate your findings using an interactive entity-graph diagram and timeline.
33
33
34
-
## Run a Log Analytics query from Azure Sentinel and add a bookmark
34
+
## Add a bookmark
35
35
36
36
1. In the Azure portal, navigate to **Sentinel** > **Threat management** > **Hunting** to run queries for suspicious and anomalous behavior.
37
37
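Review bot: Renaming the heading to `## Add a bookmark` changes the anchor the published page generates for this section, so any link that targets the old heading text will stop resolving. Search the docs set for references to the old anchor and update them in the same change. The new title also drops the mention of running a query, while step 1 directly below still sends the reader to **Hunting** to run queries, so a short introductory sentence under the heading would keep the section's scope clear.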
@@ -51,18 +51,18 @@ Also in preview, you can visualize your bookmarked data, by clicking **Investiga
51
51
52
52
6. On the right, in the **Add hunting bookmark** blade, optionally, update the bookmark name, add tags, and notes to help you identify what was interesting about the item.
53
53
54
-
7. In the **Query information** section, use the drop down boxes to extract information from the query results for the **Account**, **Host**, and **IP address** entity types. This action maps the selected entity type to a specific column from the query result. For example:
54
+
7. In the **Query Information** section, use the drop down boxes to extract information from the query results for the **Account**, **Host**, and **IP address** entity types. This action maps the selected entity type to a specific column from the query result. For example:
55
55
56
56
> [!div class="mx-imgBorder"]
57
57
> 
58
58
59
-
To view the bookmark in the investigation graph, you must map at least one entity type that is either **Account**, **Machine**, or **IP address**.
59
+
To view the bookmark in the investigation graph (currently in preview), you must map at least one entity type that is either **Account**, **Host**, or **IP address**.
60
60
61
61
5. Click **Add** to commit your changes and add the bookmark. All bookmarked data is shared with other investigators, and is a first step toward a collaborative investigation experience.
62
62
63
63
64
64
> [!NOTE]
65
-
> The log query results support bookmarks whenever this blade is opened from Azure Sentinel. For example, you select **General** > **Logs** from the navigation bar, select event links in the investigations graph, or select an alert ID from the full details of an incident. The ability to create bookmarks is not present when the **Logs** blade is opened from other locations, such as directly from Azure Monitor.
65
+
> The log query results support bookmarks whenever this blade is opened from Azure Sentinel. For example, you select **General** > **Logs** from the navigation bar, select event links in the investigations graph, or select an alert ID from the full details of an incident. You can't create bookmarks when the **Logs** blade is opened from other locations, such as directly from Azure Monitor.
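Review bot: The numbered list is out of sequence around the changed step 7: the unchanged line after the entity-mapping sentence reads `5. Click **Add** to commit your changes and add the bookmark.`, which follows steps 6 and 7. Since this hunk already edits the list, renumber that step to 8. In the new step 7, `**Query Information**` is title-cased while `**Add hunting bookmark**` in step 6 is sentence-cased, so confirm the casing against the portal label, and hyphenate "drop-down".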