Severity and state mappings for Microsoft Sentinel
Alert priority and resolution state mapping between Microsoft Sentinel and Incident Response.
Microsoft Sentinel alert priority mapping
Microsoft Sentinel's alert priority is based on one field in the payload.
The field of interest is: alert_severity
| Microsoft Sentinel payload field | Microsoft Sentinel payload value | Incident Response alert priority value |
|---|---|---|
| alert_severity | High | P1-Critical |
| Medium | P2-Major | |
| Low | P4-Low | |
| Info | P5-INFORMATIONAL |
Microsoft Sentinel resolution state mapping
No state mapping. Default will always be NEW/OPEN.
Note: If you require any other severity and state mappings, use the
Generic webhook integration.