Managed Sentinel – Alert 078
| Field | Value |
|---|---|
| Alert ID | MS-A078 |
| Alert Name | Azure entities triggering more than 1 distinct type of alert |
| Description | This alert identifies Azure Sentinel alert entities that triggered 2 or more distinct alert types within a specific time interval. |
| Severity Level | Medium |
| Threat Indicator | - |
| MITRE ATT&CK Tactics | - |
| Log sources | Azure Sentinel |
| Recommendations | This alert was created to help an organization's SOC quickly identify incidents that require immediate attention. An entity triggering more than 2 distinct alert types is a clear indicator that the respective entity (IP address, account, etc.) needs to be investigated immediately. This alert rule can be tuned further using the following criteria: 1. pairing it only with alert rules whose severity level is higher than Medium; 2. extending or reducing the time interval between the first alert and the last alert; 3. assigning a higher priority to specific alert rules; 4. giving priority to alert rules for specific data sources. |
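
The correlation described above, written out as an added Python example (not Managed Sentinel's own rule, which would be a KQL analytics rule over the `SecurityAlert` table): alerts are grouped per entity, a sliding time window finds any span in which the entity triggered at least two distinct alert names, and the four tuning criteria from the recommendations are exposed as parameters. The field names, the sample alerts and the scoring scheme are constructed for illustration.

```python
"""Flag entities that trigger 2 or more distinct alert types inside a time
window, with the tuning knobs from the alert description: a severity floor,
an adjustable window, per-rule priority and per-data-source priority."""
from collections import defaultdict
from datetime import datetime, timedelta

SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample alerts (not real Sentinel data). Field names loosely
# mimic the SecurityAlert table; "Entity" is a single normalised entity key.
SAMPLE_ALERTS = [
    {"TimeGenerated": "2024-03-01T08:00:00", "AlertName": "Failed logon burst",
     "AlertSeverity": "Medium", "ProductName": "Azure Active Directory",
     "Entity": "ip:203.0.113.10"},
    {"TimeGenerated": "2024-03-01T08:25:00", "AlertName": "Failed logon burst",
     "AlertSeverity": "Medium", "ProductName": "Azure Active Directory",
     "Entity": "ip:203.0.113.10"},
    {"TimeGenerated": "2024-03-01T09:10:00", "AlertName": "Sign-in from anonymous IP",
     "AlertSeverity": "High", "ProductName": "Azure Active Directory",
     "Entity": "ip:203.0.113.10"},
    {"TimeGenerated": "2024-03-01T10:00:00", "AlertName": "Mass download",
     "AlertSeverity": "Low", "ProductName": "Office 365",
     "Entity": "account:bob@contoso.example"},
    {"TimeGenerated": "2024-03-01T10:30:00", "AlertName": "Mailbox forwarding rule created",
     "AlertSeverity": "Medium", "ProductName": "Office 365",
     "Entity": "account:bob@contoso.example"},
    {"TimeGenerated": "2024-03-01T11:00:00", "AlertName": "Failed logon burst",
     "AlertSeverity": "Medium", "ProductName": "Azure Active Directory",
     "Entity": "ip:198.51.100.7"},
    {"TimeGenerated": "2024-03-03T11:00:00", "AlertName": "Sign-in from anonymous IP",
     "AlertSeverity": "High", "ProductName": "Azure Active Directory",
     "Entity": "ip:198.51.100.7"},
]


def correlate(alerts, window_hours=24, min_distinct=2, min_severity="Medium",
              rule_priority=None, priority_sources=()):
    """Return {entity: finding} for every entity whose alerts, after dropping
    those below min_severity, contain at least min_distinct distinct
    AlertName values within some span of window_hours.

    rule_priority maps AlertName -> extra score (criterion 3);
    priority_sources lists ProductName values that add to the score (criterion 4).
    """
    rule_priority = rule_priority or {}
    window = timedelta(hours=window_hours)
    floor = SEVERITY_RANK[min_severity]

    by_entity = defaultdict(list)
    for alert in alerts:
        if SEVERITY_RANK.get(alert["AlertSeverity"], 0) < floor:  # criterion 1
            continue
        by_entity[alert["Entity"]].append(alert)

    findings = {}
    for entity, items in by_entity.items():
        items.sort(key=lambda a: a["TimeGenerated"])
        times = [datetime.fromisoformat(a["TimeGenerated"]) for a in items]
        # Sliding window (criterion 2): treat each alert as the earliest in a
        # span and keep the span with the most distinct alert names.
        best = None
        for i, start in enumerate(times):
            span = []
            for j in range(i, len(items)):
                if times[j] - start > window:
                    break
                span.append(items[j])
            names = {a["AlertName"] for a in span}
            if len(names) >= min_distinct and (best is None or len(names) > len(best[0])):
                best = (names, span)
        if best is None:
            continue
        names, span = best
        score = sum(1 + rule_priority.get(n, 0) for n in names)
        if any(a["ProductName"] in priority_sources for a in span):
            score += 1
        findings[entity] = {
            "distinct_alerts": sorted(names),
            "first_seen": span[0]["TimeGenerated"],
            "last_seen": span[-1]["TimeGenerated"],
            "max_severity": max(span, key=lambda a: SEVERITY_RANK[a["AlertSeverity"]])["AlertSeverity"],
            "score": score,
        }
    return findings


if __name__ == "__main__":
    for entity, finding in correlate(SAMPLE_ALERTS).items():
        print(entity, finding)
```

With the defaults only `ip:203.0.113.10` is flagged: `bob`'s "Mass download" alert is Low and falls under the severity floor, and the two alerts on `198.51.100.7` are 48 hours apart. Lowering `min_severity` or widening `window_hours` changes both outcomes, which is the tuning trade-off the recommendations describe.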
