Hello, has anyone successfully used the Microsoft Defender Incidents plugin to create IDR investigations when new incidents are created?
I’m struggling to get any output from the plugin. We are getting Defender ATP alerts through to IDR using the Defender ATP data source but this is not creating incidents for the Defender for Cloud alerts we are seeing within our Defender portal.
If anyone has any documentation or hints for successfully using this plugin it would be greatly appreciated.
Thanks