You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/alerts-incidents-correlation.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -77,7 +77,7 @@ The contents of the incidents are handled in the following ways:
77
77
- A **`Redirected`** tag is added to the source incident.
78
78
- Entities (assets etc.) follow the alerts they're linked to.
79
79
- Analytics rules recorded as involved in the creation of the source incident are added to the rules recorded in the target incident.
80
-
- Currently, comments and activity log entries in the source incident are *not* moved to the target incident.<br>To see the source incident's comments and activity history, open the incident in Microsoft Sentinel in the Azure portal. The activity history includes the closing of the incident and the adding and removal of alerts, tags, and other items related to the incident merge. These activities are attributed to the identity *Microsoft Defender XDR - alert correlation*.
80
+
- Currently, migration of comments and audits of activity log entries is in *preview*.<br>To see the source incident's comments and activity history if you don't have access to the preview, open the incident in Microsoft Sentinel in the Azure portal. The activity history includes the closing of the incident and the adding and removal of alerts, tags, and other items related to the incident merge. These activities are attributed to the identity *Microsoft Defender XDR - alert correlation*.
0 commit comments