Azure entities triggering more than 1 distinct type of alert
This alert identifies Azure Sentinel alert entities that triggered 2 or more distinct alert types within a specific time interval.
MITRE ATT&CK Tactics
This alert has been created to assist an organization's SOC in quickly identifying incidents that require immediate attention. An entity triggering more than 2 distinct alert types is a clear indicator that the respective entity (IP address, account, etc.) will need to be investigated immediately.
This alert rule can be tuned further using the following criteria:
1. Pairing the alert rule with severity levels higher than medium
2. The time interval between the first alert and the last alert can be extended or reduced
3. Assigning a higher priority to specific alert rules
4. Alert rules for specific data sources can take priority
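The following KQL query is an added example of how such a rule can be expressed against the Azure Sentinel `SecurityAlert` table; it is not the rule's original query. The 24-hour lookback, the 12-hour first-to-last span and the severity filter are assumed tuning values (criteria 1 and 2 above), and the `*CustomEntity` columns follow the Sentinel rule-template convention for entity mapping.

```kql
// Added example: entities that triggered 2 or more distinct alert types.
// Assumed tuning values; adjust per criteria 1 and 2 above.
let lookback = 24h;          // how far back to search
let maxSpan = 12h;           // max interval between first and last alert
let minDistinctAlerts = 2;   // distinct alert types per entity
SecurityAlert
| where TimeGenerated > ago(lookback)
// Criterion 1: only consider Medium and High severity alerts
| where AlertSeverity in ("Medium", "High")
| where isnotempty(Entities)
// Entities is a JSON array string; expand it to one row per entity
| mv-expand Entity = todynamic(Entities)
| extend EntityType = tolower(tostring(Entity.Type))
// Normalise the entity identifier per entity type (Sentinel entity schema)
| extend EntityId = case(
    EntityType == "account",
        iff(isnotempty(Entity.UPNSuffix),
            strcat(tostring(Entity.Name), "@", tostring(Entity.UPNSuffix)),
            tostring(Entity.Name)),
    EntityType == "ip",   tostring(Entity.Address),
    EntityType == "host", tostring(Entity.HostName),
    "")
| where isnotempty(EntityId)
| summarize
    DistinctAlertTypes = dcount(AlertName),
    AlertNames         = make_set(AlertName),
    AlertIds           = make_set(SystemAlertId),
    FirstAlert         = min(TimeGenerated),
    LastAlert          = max(TimeGenerated)
    by EntityType, EntityId
| where DistinctAlertTypes >= minDistinctAlerts
// Criterion 2: bound the interval between first and last alert
| where LastAlert - FirstAlert <= maxSpan
// Entity mapping columns used by Sentinel rule templates
| extend timestamp = LastAlert,
         AccountCustomEntity = iff(EntityType == "account", EntityId, ""),
         IPCustomEntity      = iff(EntityType == "ip", EntityId, ""),
         HostCustomEntity    = iff(EntityType == "host", EntityId, "")
| order by DistinctAlertTypes desc, LastAlert desc
```

`AlertIds` carries the `SystemAlertId` values so the resulting incident can be linked back to each contributing alert during triage.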