🔥 3-day streak
Microsoft Security Operations Analyst177 / 190
Question 177 of 190
Your SOC deploys a custom scheduled analytics rule in Microsoft Sentinel that queries a firewall log table. Analysts complain that when incidents are generated, the alerts do not display the destination IP address or the custom threat severity score in the incident details, even though those columns exist in the query results. You need alerts to surface this contextual data so analysts can triage without opening the raw logs. Which analytics rule configuration should you use to include this non-entity contextual information in the generated alerts?
Reviewed for accuracy · Report an issueNext question