Hi,

Just trialling the unified portal, and incidents in Sentinel seem to lose any tactics set via the analytic rule.

Plus the resulting incident has a slightly different title, assume after being converted to ‘Defender speak’.

We have a standard rule TI MAP IP entity for Office365 and the incident is TI Map IP entity for Office365 involving one user and the tactic is missing even though its in the original rule?

Anyone else experiencing the same?

Regards,

Tim

​Hi, Just trialling the unified portal, and incidents in Sentinel seem to lose any tactics set via the analytic rule.Plus the resulting incident has a slightly different title, assume after being converted to ‘Defender speak’. We have a standard rule TI MAP IP entity for Office365 and the incident is TI Map IP entity for Office365 involving one user and the tactic is missing even though its in the original rule? Anyone else experiencing the same? Regards, Tim  Read More

​