DRAG DROP -
You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) data connector.
You are threat hunting suspicious traffic from a specific IP address.
You need to annotate an intermediate event stored in the workspace and be able to reference the IP address when navigating through the investigation graph.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
teamaws
Highly Voted 2 years, 11 months agoPinto
Highly Voted 3 years agomajstor86
Most Recent 1 year agoligu
1 year agoWhalerTom
2 years, 2 months agokam117
2 years, 6 months agorsharma007
2 years, 7 months agoSandomj55
2 years, 7 months ago