Kusto for incident information
I want incident information, including comments and status, to be retrievable by Kusto query in Sentinel.
If this were possible, I would be able to analyze incident investigations.
Thus, I could understand how long you need for which types of incident, and the FP rate for certain incidents.
Moreover, when a new alert happens, you could check the investigation data of similar incidents and investigate the new alert more smoothly.
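The analysis the request asks for (time to close per incident type, false-positive rate, and the investigation history of similar incidents, comments included) can be written as KQL against the SecurityIncident table that Microsoft Sentinel writes to its Log Analytics workspace. This is an added example, not part of the feedback post; it assumes the SecurityIncident schema as documented (one row per incident update, with Status, Classification, CreatedTime, ClosedTime and a Comments array), and the element layout of Comments used below (message, author.name, createdTimeUtc) is an assumption to verify in your own workspace. "<rule title>" is a placeholder.

```kusto
// Added example, not part of the feedback post. Assumes the SecurityIncident
// table that Microsoft Sentinel writes to the Log Analytics workspace.
// The table keeps one row per incident update, so reduce to the latest state first.
let LatestIncidents =
    SecurityIncident
    | summarize arg_max(LastModifiedTime, *) by IncidentNumber;
// Per incident type (analytics rule title): how long closure takes and how often
// the outcome was classified as a false positive.
LatestIncidents
| where Status == "Closed"
| extend HoursToClose = datetime_diff("minute", ClosedTime, CreatedTime) / 60.0
| summarize ClosedIncidents = count(),
            FalsePositives = countif(Classification == "FalsePositive"),
            MedianHoursToClose = percentile(HoursToClose, 50),
            P90HoursToClose = percentile(HoursToClose, 90)
  by Title
| extend FalsePositiveRate = round(100.0 * FalsePositives / ClosedIncidents, 1)
| order by ClosedIncidents desc

// Run separately: for a new alert from a given rule, surface how earlier incidents
// of the same type were investigated, including analyst comments.
// "<rule title>" is a placeholder for the analytics rule that raised the new alert.
// The shape of each Comments element (message, author.name, createdTimeUtc) is an
// assumption; incidents without comments drop out of the mv-expand.
SecurityIncident
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
| where Title == "<rule title>" and Status == "Closed"
| mv-expand Comment = Comments
| project IncidentNumber, CreatedTime, ClosedTime, Classification, ClassificationReason,
          CommentTime = todatetime(Comment.createdTimeUtc),
          Analyst = tostring(Comment.author.name),
          CommentText = tostring(Comment.message)
| order by CreatedTime desc, CommentTime asc
```

The arg_max per IncidentNumber matters: because every status change, comment or owner change appends a new row, summarizing without it would count the same incident several times and skew both the closure times and the false-positive rate.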
Alexandros Kefallonitis commented
Good to have! Any estimation?