![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 46%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,159 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
I have checked with my team about the above problem statement.
This is indeed not apparent from the incident today. We are planning to add the Device Vendor and Device Product fields as custom fields to the incident.
To that end, we have updated now this specific rule to display the Vendor and Product in custom fields: Azure-Sentinel/imAuthBruteForce.yaml at master · Azure/Azure-Sentinel - github.com. It would be available in a week or two in the product, and can be used as a guideline to update the rule manually now.
As to the larger question: yes, we plan to move all relevant detections to ASIM.
Let me know if you have any questions.
If this answer was helpful to you, please consider "marking as answer" so that others in the community with similar questions will more easily find the resolution.