Managed Sentinel – Alert 078

Alert IDMS-A078
Alert NameAzure entities triggering more than 1 distinct type of alert
DescriptionThis alert identifies Azure Sentinel alerts entities that triggered 2 or more distinct alert types within a specific time interval.
Severity LevelMedium
Threat Indicator-
MITRE ATT&CK Tactics-
Log sourcesAzure Sentinel
RecommendationsThis alert has been created to assist organization's SOC to quickly identify incidents that require immediate attention. Having an entity triggering more than 2 distinct alert types is a clear indicator that the respective entity - IP address, account, etc. will need to be investigated immediately.

This alert rule can be tune-up further using the following criterias:
1. Pairing alert rule with severity level higher than medium
2. Time interval between first alert and last alert can be extended or reduced
3. Assigning a higher priority to specific alert rules
4. Alert rules to specific data sources can take priority