New Contributor

 

          We got an alert from 365 defenders to azure sentinel ( A potentially malicious URL click was detected). To investigate this alert we have to check in the 365 defender portal.

We noticed that entities are not capturing (user, host, IP). How can we resolve this issue? 

Note: This is not a custom rule.