Hi Romar,
Here’s how you can filter these notifications:
- Create a Filtering Rule: You can create a rule in Sentinel to filter out these specific alerts. Go to the Analytics section, click on + Create, and then select Scheduled alert rule. In the rule, you can specify the conditions that match the honeypot alerts you want to filter.
- Modify the Threat Intelligence Connector: If the honeypot alerts are not relevant to your environment, you might want to modify the settings of the Microsoft Defender Threat Intelligence Data Connector. You can adjust the Import Severity Level to a higher level to reduce the number of imported alerts.
If this answers your question, please click Accept Answer and Yes if this answer was helpful. Doing so would help other community members with similar issues identify the solution. I highly appreciate your contribution to the community.