DRAG DROP
You have a Microsoft 365 E5 subscription.
You plan to implement Microsoft Sentinel to create incidents based on:
• Azure Active Directory (Azure AD) Identity Protection alerts
• Correlated events from the DeviceProcessEvents table
Which analytic rule types should you use for each incident type? To answer, drag the appropriate rule types to the correct incident types. Each rule type may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
Select and Place:
