Ingest sample alerts from your Microsoft Azure tenant.

Before you begin

Role required: sn_si.admin

Procedure

  1. You can either pull the 5 most recent sample alerts or provide the unique alert IDs of the specific alerts that you want to use when mapping alert fields.
    From the Ingestion Preference choice list, select one of the following:
    • Retrieve most recent alerts: The 5 most recent alerts are retrieved.
    • Select alerts based on alerts ID: Specify the alert ID for the alerts to be retrieved. You can specify a maximum of 5 alert IDs separated by commas.
  2. Click Fetch Sample Data to pull the latest sample alert data from the Microsoft Azure tenant.
    The pull for sample alerts may take a few moments.

    The sample alert field values are populated on the left side of the form when sample alerts are ingested by the profile. These are the alerts that you map to the SIR security incident fields. The alert fields and their values are displayed as individual tabs.

    Figure: Microsoft Graph Security API: ingest alerts

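The two ingestion preferences above map naturally onto Microsoft Graph Security API calls. The following added example (not ServiceNow's or Microsoft's code) validates the comma-separated alert ID input with the stated limit of 5, builds the corresponding Graph GET requests, and flattens a constructed sample alert into the field/value pairs a mapping form presents; the exact requests the profile issues are an assumption, and the sample alert, its ID and host name are constructed.

```python
GRAPH_ALERTS = "https://graph.microsoft.com/v1.0/security/alerts"  # Graph v1.0 alerts endpoint
MAX_SAMPLE_ALERTS = 5  # limit stated in the procedure for both preferences


def parse_alert_ids(raw):
    """Parse the comma-separated input of 'Select alerts based on alerts ID'.
    Trims whitespace, drops empty entries, rejects duplicates and more than 5 IDs."""
    ids = [part.strip() for part in raw.split(",") if part.strip()]
    if not ids:
        raise ValueError("at least one alert ID is required")
    if len(set(ids)) != len(ids):
        raise ValueError("duplicate alert IDs")
    if len(ids) > MAX_SAMPLE_ALERTS:
        raise ValueError(f"at most {MAX_SAMPLE_ALERTS} alert IDs allowed")
    return ids


def sample_alert_requests(preference, alert_ids=""):
    """Return the Graph GET URLs for one ingestion preference (assumed mapping,
    not ServiceNow's code): 'recent' lists the newest 5 via standard OData
    $top/$orderby; 'by_id' fetches each alert by its ID in the path."""
    if preference == "recent":
        return [f"{GRAPH_ALERTS}?$top={MAX_SAMPLE_ALERTS}&$orderby=createdDateTime%20desc"]
    if preference == "by_id":
        return [f"{GRAPH_ALERTS}/{aid}" for aid in parse_alert_ids(alert_ids)]
    raise ValueError(f"unknown ingestion preference: {preference!r}")


def flatten_alert(alert, prefix=""):
    """Flatten one alert into dotted field paths -> values, the field/value
    list a mapping form shows for a sample alert (handles nested objects and lists)."""
    out = {}
    for key, value in alert.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten_alert(value, path + "."))
        elif isinstance(value, list):
            for n, item in enumerate(value):
                if isinstance(item, dict):
                    out.update(flatten_alert(item, f"{path}[{n}]."))
                else:
                    out[f"{path}[{n}]"] = item
        else:
            out[path] = value
    return out


# Constructed sample alert (not a real Graph response), trimmed to a few fields.
SAMPLE_ALERT = {"id": "alert-0001", "severity": "high",
                "vendorInformation": {"provider": "Azure Security Center"},
                "hostStates": [{"fqdn": "host1.example.test"}]}
```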
What to do next

After you have fetched the sample data, the next step is to map the alert fields to the security incident fields.