## How to access Azure Sentinel from other tenants
29
29
1. Under **Directory + subscription**, select the delegated directories, and the subscriptions where your customer’s Azure Sentinel workspaces are located.
2. Open Azure Sentinel. You will see all the workspaces in the selected subscriptions, and you’ll be able to work with them seamlessly, like any workspace in your own tenant.
32
+
33
+
1. Open Azure Sentinel. You will see all the workspaces in the selected subscriptions, and you’ll be able to work with them seamlessly, like any workspace in your own tenant.
32
34
33
35
> [!NOTE]
34
36
> You will not be able to connect connectors in Azure Sentinel from within a managed workspace. To connect a connector, you must directly sign into the tenant on which you want to connect a connector and authenticate there with the required permissions.
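Review bot: The NOTE that closes this hunk says "connect connectors" / "connect a connector" three times in two sentences, and "directly sign into the tenant" reads awkwardly. Consider: "You cannot connect connectors from within a managed workspace. To connect one, sign in directly to the tenant where you want it connected and authenticate there with the required permissions." Since both steps are now written as "1.", also confirm in the rich diff that the added blank line does not split them into two separate lists.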
articles/sentinel/offboard.md
Lines changed: 1 addition & 1 deletion
@@ -69,7 +69,7 @@ Within the first 48 hours, the data and alert rules (including real-time automat
69
69
70
70
- Bookmarks
71
71
72
-
Your playbooks, saved workbooks, saved hunting queries, and notebooks are not deleted. **Some may brake due to the removed data. You can remove those manually.**
72
+
Your playbooks, saved workbooks, saved hunting queries, and notebooks are not deleted. **Some may break due to the removed data. You can remove those manually.**
73
73
74
74
After you remove the service, there is a grace period of 30 days during which you can re-enable the solution and your data and alert rules will be restored but the configured connectors that were disconnected must be reconnected.
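Review bot: On the changed line, "You can remove those manually" leaves "those" ambiguous between the items that break and all of the playbooks, workbooks, queries and notebooks listed; name the referent explicitly while the sentence is being corrected. The trailing context sentence ("...will be restored but the configured connectors that were disconnected must be reconnected") is also a run-on and would read better split in two at "but".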
articles/sentinel/tutorial-detect-threats-custom.md
Lines changed: 3 additions & 3 deletions
@@ -40,7 +40,7 @@ You can create custom analytic rules to help you search for the types of threats
40
40
41
41

42
42
43
-
1. In the **Settings** tab, you can either write a query directly, or create the query in Log Analytics, and then paste it into the **Search query** field. As you change and configure your query, Azure Sentinel simulates the query results in the **Results preview** window, on the right. This enables you to gain insight into how much data would be generated over a specific time interval for the alert you are creating. The amound depends on what you set for **Run query every** and **Lookup data from the last**. If you see that, on average, your alert would trigger alerts too frequently, you can set the number of results higher, so that it's above your average baseline.
43
+
1. In the **Settings** tab, you can either write a query directly, or create the query in Log Analytics, and then paste it into the **Search query** field. As you change and configure your query, Azure Sentinel simulates the query results in the **Results preview** window, on the right. This enables you to gain insight into how much data would be generated over a specific time interval for the alert you are creating. The amount depends on what you set for **Run query every** and **Lookup data from the last**. If you see that, on average, your alert would trigger alerts too frequently, you can set the number of results higher, so that it's above your average baseline.
44
44
45
45

46
46
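Review bot: The corrected step still says "your alert would trigger alerts too frequently", which blurs the rule and the alerts it produces; "your rule would trigger alerts too frequently" is clearer. The last sentence also refers to "the number of results" without naming the setting that holds it, unlike **Run query every** and **Lookup data from the last** earlier in the same step, so name the field in bold there too.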
@@ -64,7 +64,7 @@ You can create custom analytic rules to help you search for the types of threats
64
64
65
65
1. Define alert trigger conditions under **Alert trigger**. Under **Entity mapping**, you can map the columns in your query to entity fields recognized by Azure Sentinel. For each field, map the relevant column in the query you created in Log Analytics to the appropriate entity field. Each entity includes multiple fields, for example SID and GUID. You can map the entity according to any fields, not just the upper level entity.
66
66
67
-
1. In the **Response automation** tab, select any playbooks you want to run automatically when an alert is generated by the custom rule. For more information on creating and automating playbooks, see [Respond to threats](https://review.docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook).
67
+
1. In the **Response automation** tab, select any playbooks you want to run automatically when an alert is generated by the custom rule. For more information on creating and automating playbooks, see [Respond to threats](tutorial-respond-threats-playbook.md).
68
68
69
69

70
70
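Review bot: The new relative link in the **Response automation** step resolves against articles/sentinel/, so confirm that tutorial-respond-threats-playbook.md exists in that folder under exactly that name before merging. Moving off the review.docs.microsoft.com host is the right call; a quick search of the rest of this article for other absolute links to that host would be worth doing in the same change.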
@@ -74,7 +74,7 @@ You can create custom analytic rules to help you search for the types of threats
74
74
75
75
1. After the alert is created, a custom rule is added to the table under **Active analytic rules**. From this list you can enable, disable, or delete each rule.
76
76
77
-
1. To view the results of the alert rules you create, go to the **Incidents** page, where you can triage, [investigate incidents](https://review.docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases), and remediate the threats.
77
+
1. To view the results of the alert rules you create, go to the **Incidents** page, where you can triage, [investigate incidents](tutorial-investigate-cases.md), and remediate the threats.
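Review bot: In the last step the link text and the page name say "incidents" while the new relative target is tutorial-investigate-cases.md; confirm that this is still the article's file name in articles/sentinel/ and not a leftover from before a rename, since a relative link to a missing file will break the build or the published link.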