Karin Bui
16 Apr 2024
Welcome to us Patrik Jonsson
1 min
For information about NRT rules, please see previous blog post or visit
https://docs.microsoft.com/en-us/azure/sentinel/near-real-time-rules
Creating NRT rules
Navigate to Microsoft Sentinel in the Azure portal
In the navigation, select Analytics
Click Create and select NRT query rule
Give it a name and add Description, Mitre Tactics and Severity and click Next
In the configuration window, there are no schedule and lookback time to define
Requirements
You can only refer to one table and cannot use unions or joins
No cross workspace query
Use project and only keep the necessary fields to avoid truncation due to size limitations of the alerts
For further information, please visit
https://docs.microsoft.com/en-us/azure/sentinel/create-nrt-rules
SEC-LABS R&D
