What's new: Incident advanced search is now public!

Published Aug 10 2021 02:04 AM 3,284 Views
Microsoft

By default, incident searches run across the Incident ID, Title, Tags, Owner, and Product name values only. Now, with the new Advanced search pane, you can scroll down the list to select one or more other parameters to search on.

The advanced fields list includes the following:

  • Alert ID
  • Alert description
  • Alert name
  • Alert severity
  • Analytic rule ID
  • Bookmark ID
  • Closing comment
  • Comments
  • Entities
  • Incident description
  • Reason for closing
  • Tactics

We recommend utilizing the Column Selector feature to support the search experience and add the searched columns to the grid view.

 

The new UI allows for search by additional incident attributes and across all incidents in your workspace in seconds.

 

You can find more information about the new feature in our documentation.

 

We Value Your Opinion!

Our goal is to make your life easier while you triage and manage security incidents. If you have any feedback – about the experience, the usage – or anything else, please let us know. 

 

2 Comments
Occasional Contributor

Interesting that the documentation link returns page not found - FYI - but the advanced feature is welcomed - be nice when it saves the searches etc 

Microsoft
Last update: Aug 09 2021 09:03 AM