Forum Discussion
ShimKwan
Apr 12, 2021 · Brass Contributor
Azure Sentinel Incident Severity Mapping
Hi, so Sentinel categorizes its incidents as "Low, Medium or High". However, a typical SOC might have incidents ranging from P1-P5. I'm curious how have other organizations mapped the 3 Sent...
ShimKwan
Apr 12, 2021 · Brass Contributor
Hi,
Thank you for replying.
P1 is typically the most critical, so that would be linked to "High"... with P5 linked to "Low".
This is what we have already done; we were looking for a bit more of a detailed mapping suggestion - like perhaps getting some more info from the incident, like MITRE ATT&CK details for example, and mapping that to the relevant P1-P5 incident.
Will keep investigating.
Thank you