Many tables that record an IP address in Sentinel will include location or receive auto enrichment to provide IP location information including the country and coordinates. If not, you can perform a query to an IP reputation or WHOIS service with an HTTP request (API call) using a logic app. There are examples in the official Sentinel GitHub repo for reference.
Close cases based on User account and country - Automation Sentinel
Miguel Calderón
45
Reputation points
Dear team. I'm trying to close some incidents on Sentinel related to sign-in risk based on location and User Account, using automation, but I couldn't find the property related to the location (Country). Example: Title: Atypical travel and Account Name: John Smith and Country: Brazil (Here is the problem, there's no property related to Location). P.S.: I don't manage the MDC Apps. BR Miguel C.
1 answer
Andrew Blumhardt 9,866 Reputation points Microsoft Employee
2024-01-23T12:13:25.1133333+00:00