Hello,
We recently set up the Microsoft Security integration in InsightIDR. This has created a lot of alerts in InsightIDR that are not useful to us for several reasons (our automation in Sentinel and Defender XDR automatically closes many of the alerts, our analysts prefer working in Defender to working in InsightIDR, and our analytics and SLOs are based on the Defender timeline). The long-term plan is to get bi-directional closure working, but as a short-term stop-gap measure I would like to close all the Investigations that are created by alerts from the Microsoft Security plugin. Having to double-close dozens of alerts a day is really no fun (particularly since the InsightIDR investigations interface is so clunky). Is there a workflow in InsightConnect that will allow us to automatically close alerts based on the alert category (Managed, non-managed), source (Microsoft Security or Sentinel) and Event Type (third-party alerts)?
Thanks!
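One way to script the closure outside InsightConnect, added here as an example and not code from the original post or from Rapid7: select open, alert-created investigations whose alerts all come from the Microsoft integrations and PATCH them closed through the InsightIDR REST API. The base URL region, the endpoint paths and the JSON field names (`status`, `source`, `type`, `alert_source`) are assumptions to check against the API documentation; the sample investigations and alerts are constructed.

```python
import json
import urllib.request

# Assumed (not from the post): v2 API base URL for the "us" region and the JSON
# field names "status", "source", "type", "alert_source". Verify against the docs.
API_BASE = "https://us.api.insight.rapid7.com/idr/v2"
AUTO_CLOSE_SOURCES = {"Microsoft Security", "Sentinel"}
THIRD_PARTY_TYPE = "Third Party Alert"

def should_auto_close(investigation, alerts):
    """True only for an open, alert-created investigation whose alerts are ALL
    third-party alerts from the Microsoft integrations; an investigation that
    also carries a native InsightIDR alert stays open for an analyst."""
    if investigation.get("status") != "OPEN" or investigation.get("source") != "ALERT":
        return False
    return bool(alerts) and all(
        a.get("type") == THIRD_PARTY_TYPE and a.get("alert_source") in AUTO_CLOSE_SOURCES
        for a in alerts
    )

def select_for_closure(investigations, alerts_by_rid):
    """Return the investigation rids the closure step should act on."""
    return [inv["rid"] for inv in investigations
            if should_auto_close(inv, alerts_by_rid.get(inv["rid"], []))]

def close_investigation(api_key, rid, disposition="BENIGN"):
    """PATCH the investigation closed; disposition should mirror the Defender verdict."""
    body = json.dumps({"status": "CLOSED", "disposition": disposition}).encode()
    req = urllib.request.Request(
        f"{API_BASE}/investigations/{rid}", data=body, method="PATCH",
        headers={"X-Api-Key": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status

# Constructed sample data standing in for the API responses.
SAMPLE_INVESTIGATIONS = [
    {"rid": "INV-1", "status": "OPEN", "source": "ALERT"},    # all Microsoft: close
    {"rid": "INV-2", "status": "OPEN", "source": "ALERT"},    # mixed: keep for analyst
    {"rid": "INV-3", "status": "OPEN", "source": "MANUAL"},   # analyst-created: keep
    {"rid": "INV-4", "status": "CLOSED", "source": "ALERT"},  # already closed: skip
]
SAMPLE_ALERTS = {
    "INV-1": [{"type": THIRD_PARTY_TYPE, "alert_source": "Microsoft Security"},
              {"type": THIRD_PARTY_TYPE, "alert_source": "Sentinel"}],
    "INV-2": [{"type": THIRD_PARTY_TYPE, "alert_source": "Sentinel"},
              {"type": "Account Visits Suspicious Link", "alert_source": "InsightIDR"}],
    "INV-3": [],
    "INV-4": [{"type": THIRD_PARTY_TYPE, "alert_source": "Microsoft Security"}],
}
```

Run `select_for_closure` on the API output first and log the rids before calling `close_investigation`, so that a wrong field name assumption shows up as an empty or oversized list rather than as closed investigations.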