To check program permissions, follow these instructions:
4. Find Logitech Alert Commander and Logitech Updater. Make sure that both programs have Full permission. If they do not, click on each program (individually) and then click Edit. In the Access dropdown field, select Full and then click Save.
5. Click on the icon in the Firewall: On section to go back to the main menu.

Setting Ports & System Services for Logitech Commander Program
The 2010 version of McAfee Security Center may require additional setup beyond the steps specified above.
To set Ports and System Services for Logitech Commander, follow these instructions:
4. The Add System Service Port screen displays.
5. In the System Service Name field, enter "Logitech TCP & UPnP Ports".
6. In the System Service Category field, enter "TCP & UPnP ports".
7. In the Service Description field, enter a description such as "UPnP Discovery, UPnP Control, video streaming, web viewing, e-mail notifications, DHCP, etc".
Notice that your new Port for Logitech TCP & UDP displays in the list.
11. Click the icon in the Firewall: On section to go back to the main menu.
You have finished setting firewall configurations for McAfee Security Center.

Azure Sentinel is now called Microsoft Sentinel, and we'll be updating these pages in the coming weeks.

When you define a name and description for your scheduled analytics rules, and you assign them severities and MITRE ATT&CK tactics, all alerts generated by a particular rule - and all incidents created as a result - will be displayed with the same name, description, and so on, without regard to the particular content of a specific instance of the alert. With the alert details feature, you can tailor an alert's appearance to its content. Here you can select parameters in your alert that can be represented in the name or description of each instance of the alert, or that can contain the tactics and severity assigned to that instance of the alert. If the selected parameter has no value (or an invalid value in the case of tactics and severity), the alert details will revert to the defaults specified in the first page of the wizard.

The procedure detailed below is part of the analytics rule creation wizard. It's treated here independently to address the scenario of adding or changing alert details in an existing analytics rule.

How to customize alert details
From the Microsoft Sentinel navigation menu, select Analytics.
Select a scheduled query rule and click Edit. Or create a new rule by clicking Create > Scheduled query rule at the top of the screen.
In the Alert enrichment section, expand Alert details.
In the now-expanded Alert details section, add free text that includes parameters corresponding to the details you want to display in the alert:
In the Alert Name Format field, enter the text you want to appear as the name of the alert (the alert text), and include, in double curly brackets, any parameters you want to be part of the alert text. Example: Alert from.
Do the same with the Alert Description Format field.
You are currently limited to three parameters each in the Alert Name Format and Alert Description Format fields.
Use the Tactic Column and Severity Column fields only if your query results contain columns with this information in them. For each one, choose the column that contains the corresponding information.
If you change your mind, or if you made a mistake, you can remove an alert detail by clicking the trash can icon next to the Tactic/Severity Column fields, or delete the free text from the Alert Name/Description Format fields.
When you have finished customizing your alert details, continue to the next tab in the wizard. If you're editing an existing rule, click the Review and create tab. Once the rule validation is successful, click Save.
In this document, you learned how to customize alert details in Microsoft Sentinel analytics rules.
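As an added example for the Alert details steps above (illustrative code, not from the Microsoft Sentinel documentation), the rule query below returns the columns that the Alert Name Format, Alert Description Format, Tactic Column and Severity Column fields can reference; the SecurityEvent table, the thresholds and the column names are assumed.

```kusto
// Added example (not from the Sentinel docs): a scheduled analytics rule query
// that exposes the columns the Alert details settings reference. The table,
// thresholds and column names are assumed for illustration.
SecurityEvent
| where EventID == 4625                                  // failed logon events
| summarize FailedLogons = count() by Computer, Account
| where FailedLogons > 10
// Severity Column: only Informational, Low, Medium or High are valid; any other
// value makes the alert revert to the rule's default severity.
| extend AlertSeverity = iff(FailedLogons > 50, "High", "Medium")
// Tactic Column: must hold a valid MITRE ATT&CK tactic name (spelling assumed
// here); an invalid value reverts to the rule's default tactics.
| extend AlertTactic = "CredentialAccess"
// Wizard fields that consume these columns (at most three {{...}} parameters
// per format field):
//   Alert Name Format:        Failed logons on {{Computer}} by {{Account}}
//   Alert Description Format: {{FailedLogons}} failed logons by {{Account}}
//   Tactic Column:            AlertTactic
//   Severity Column:          AlertSeverity
```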