Azure Sentinel by Patrik

Security Incidents in Azure Sentinel

Managing and Investigating Incidents

An incident

  • is created based on alerts
  • can be based on first-party analytics from Microsoft Security Solutions
  • can also be created via a bookmark
  • can include one or multiple alerts
  • contains evidence that can be used for further investigation
