What's New In Azure Sentinel? Incident Advanced Search!

Source:

Liat Lisha - Microsoft Tech Community

Microsoft has released a new Advanced search pane in Azure Sentinel that lets you search incidents on one or more additional incident parameters beyond the default fields.


Liat Lisha, Security Product Manager II, Azure Sentinel at Microsoft, explained the search improvements in the Tech Community blog.

What's New: Incident Advanced Search is Now Public!

By default, incident searches run across the Incident ID, Title, Tags, Owner, and Product name values only. Now, with the new Advanced search pane, you can scroll down the list to select one or more other parameters to search on.

The advanced fields list includes the following:

  • Alert ID

  • Alert description

  • Alert name

  • Alert severity

  • Analytic rule ID

  • Bookmark ID

  • Closing comment

  • Comments

  • Entities

  • Incident description

  • Reason for closing

  • Tactics

We recommend utilizing the Column Selector feature to support the search experience and add the searched columns to the grid view.

The new UI allows for search by additional incident attributes and across all incidents in your workspace in seconds.


For more information on the incident search improvements, please refer to Microsoft's documentation here.

References

  • Liat Lisha - Microsoft Tech Community

  • Investigate Incidents with Azure Sentinel