Source:
Microsoft have released a new advanced search pane within Azure Sentinel allowing you to search incidents across one or more parameters across the incident.
Liat Lisha, Security Product Manager II, Azure Sentinel at Microsoft, explained the search improvments in the Tech Community blog.
What's New: Incident Advanced Search is Now Public!
By default, incident searches run across the Incident ID, Title, Tags, Owner, and Product name values only. Now, with the new Advanced search pane, you can scroll down the list to select one or more other parameters to search on.
The advanced fields list includes the following:
Alert ID
Alert description
Alert name
Alert severity
Analytic rule ID
Bookmark ID
Closing comment
Comments
Entities
Incident description
Reason for closing
Tactics
We recommend utilizing the Column Selector feature to support the search experience and add the searched columns to the grid view.
The new UI allows for search by additional incident attributes and across all incidents in your workspace in seconds.
For more information on the incident search improvements, please refer to Microsoft's documentation here.