Commit efb39b4

committed
more-articles-about-microsoft-sentinel-solutions
1 parent bf86b80 commit efb39b4

File tree

1 file changed: +2 -2 lines changed

articles/sentinel/sentinel-analytic-rules-creation.md

Lines changed: 2 additions & 2 deletions
@@ -87,7 +87,7 @@ The `severity` attribute defines the severity level of the detection. Severity r
8787
* **High**: The identified activity provides the threat actor with wide-ranging access to conduct actions on the environment.
8888

8989
> [!NOTE]
90-
> Severity level defaults aren't a guarantee of current or environment impact level. Severity level applies only to Microsoft Sentinel analytics templates. Severity in the Alerts table is otherwise controlled by the security service from which the alert came. You can use `alertDetailsOverride` to provide a dynamic severity that depends on the actual outcome of the query.
90+
> Severity level defaults aren't a guarantee of the current or environment impact level. Severity level applies only to Microsoft Sentinel analytics templates. Otherwise, the security service that issued the alert controls the `severity` attribute in the Alerts table. You can use `alertDetailsOverride` to provide a dynamic `severity` attribute that depends on the actual outcome of the query.
9191
9292
### Required data connectors
9393

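Review bot: the rewritten note at line 90 changes "Severity in the Alerts table" to "the `severity` attribute in the Alerts table", which conflates the analytics template's `severity` YAML attribute (the subject of this section) with the severity column of the Alerts table; the code formatting should stay reserved for the template attribute, so "Otherwise, the security service that issued the alert controls the severity shown in the Alerts table" keeps the distinction the original wording had. The same applies to the last sentence: `alertDetailsOverride` supplies a dynamic severity value for the alert, not a new attribute, so "provide a dynamic severity that depends on the actual outcome of the query" (the original phrasing) or "a dynamic severity value" is more accurate than "a dynamic `severity` attribute". Minor: adding "the" in "a guarantee of the current or environment impact level" still leaves the phrase ambiguous about what "current" and "environment" each qualify; spelling it out as "a guarantee of the current impact level or of the impact on your environment" (or whichever the author intends) would remove the ambiguity.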
@@ -254,7 +254,7 @@ The `customDetails` attribute integrates event data into alerts, making it visib
254254

255255
### Alert details override
256256

257-
The `alertDetailsOverride` attribute is a dynamic field that you can use to override the alert details. You can use this attribute to provide more context or information to the analyst when the alert is triggered. When you use this feature, you ensure that analysts receive pertinent information, including relevant entity names, to facilitate a quicker and more accurate understanding of the incident. Limitations include:
257+
The `alertDetailsOverride` attribute is a dynamic field that you can use to override the alert details. You can use this attribute to provide more context or information to the analyst when the alert is triggered. When you use this feature, you ensure that analysts receive pertinent information, including relevant entity names, to facilitate a quicker, and more accurate understanding of the incident. Limitations include:
258258

259259
* A maximum of three parameters can be included in either the `name` or `description`.
260260
* The `name` must not exceed 256 characters, while the `description` is limited to 5,000 characters.
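Review bot: the only change in this hunk (line 257) introduces a punctuation regression: "a quicker, and more accurate understanding" puts a comma before "and" between two coordinated modifiers of a single noun phrase, which is incorrect; the original "a quicker and more accurate understanding of the incident" was right and should be restored. If the intent was to rephrase the sentence, the rest of it should change too; as it stands the hunk adds nothing but the stray comma.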
