Actually the correct answer is B. https://learn.microsoft.com/en-us/azure/sentinel/relate-alerts-to-incidents#add-alerts-using-the-entity-timeline-preview

It's A based on this: https://learn.microsoft.com/en-us/azure/sentinel/relate-alerts-to-incidents#add-alerts-using-the-entity-timeline-preview other people say they get answer "b" out of this but i don't see it ....

By using the investigation graph in Microsoft Sentinel, you can explore connections between the existing Microsoft 365 Defender data and potentially find the relevant Defender for Cloud Apps alert related to the incident you're investigating. T

The wording for option A, B and C makes me doubt them as answers because 1. The Timeline card does not have an entity side panel, it's actually the entity side panel that has a Timeline card tab. 2. The timelines tab is not on the incidents page of Sentinel and 3. The investigation graph is not on the incidents page but rather on the incident details panel. The Alert page in Defender 365 portal does allow you to associate an alert with an incident, so this would be my choice. Thought on this?

Answer confirmed by items 5 & 6 listed here https://learn.microsoft.com/en-us/azure/sentinel/relate-alerts-to-incidents#add-alerts-using-the-entity-timeline-preview

The question is tricky. If you read the following link you will see in limitations that you cannot link defender alerts to defender incidents from Sentinel. You can only do that from Defender portal. https://learn.microsoft.com/en-us/azure/sentinel/relate-alerts-to-incidents#add-alerts-using-the-entity-timeline-preview

In the exam on 21/12/2023

In the entity page side panel, select the Timeline card. A is the correct choice based on the links provided

Based on the documentation below, I think the aswer is A. https://learn.microsoft.com/en-us/azure/sentinel/relate-alerts-to-incidents#add-alerts-using-the-entity-timeline-preview

Changed my mind. This question has annoyed. I use Sentinel and A, B or C as worded in the question does not allow us to link to another incident. However D does. I have alerts in Sentinel that have been ingested from Defender. If I go to the alert in Defender I can 'link to another incident

B based on https://learn.microsoft.com/en-us/azure/sentinel/relate-alerts-to-incidents#add-alerts-using-the-entity-timeline-preview

The provided answer is correct. The article provided by a311 does illustrate how to do this, however, I believe that the instructions were misinterpreted. . Launch Sentinel . Go to incidents . Click on incident >> Investigate . In the middle pane you have the Overview tab and the Entities tab, click on Entities . Select one of the entities, and notice the blade that appears The options on this screen are, Info, Timeline, Insight. If you select timeline, you will see other alerts that you can add to the incident. B says the incident timeline, which are the alerts that are added to the incident. Now read A one more time: the entity side panel of the Timeline card in Microsoft Sentinel

D for me too

D. the Alerts page in the Microsoft 365 Defender portal. Open the Microsoft 365 Defender portal and select Alerts. Find the alert that you want to add to the incident and select it. In the alert details page, select Add to existing incident. In the Add alert to incident pane, select the incident that you want to update and then select Add. This will add the alert to the incident in both Microsoft 365 Defender and Microsoft Sentinel portals. Any changes you make to the incident in Microsoft 365 Defender will be synchronized to the same incident in Microsoft Sentinel

This new question arrived today 9th september 2023. Can someone please verify the correct answer?