Exam SC-200 All Questions
Question 251

You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1.

You create a hunting query that detects a new attack vector. The attack vector maps to a tactic listed in the MITRE ATT&CK database.

You need to ensure that an incident is created in WS1 when the new attack vector is detected.

What should you configure?

    Correct Answer: C

    To ensure an incident is created in Microsoft Sentinel when the new attack vector is detected, you should configure a scheduled query rule. A scheduled query rule runs queries on a regular schedule and creates an incident if the query detects a specified condition. This is the appropriate way to automate the detection and incident creation process based on your specific hunting query.
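As an added example (not part of the exam page), this is how such a scheduled query rule can be declared as a Bicep resource on WS1; it assumes WS1 is in the deployment's resource group, and the KQL query, tactic and technique are constructed placeholders standing in for the page's unspecified hunting query.

```bicep
// Added example: deploy a Scheduled analytics rule to an existing Sentinel workspace.
// Assumes WS1 lives in the resource group this template is deployed to.
param workspaceName string = 'WS1'

// Constructed placeholder query standing in for the hunting query on the page.
param huntingQuery string = '''
SecurityEvent
| where EventID == 4625
| summarize FailedLogons = count() by Account, Computer, bin(TimeGenerated, 1h)
| where FailedLogons > 20
'''

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

resource newVectorRule 'Microsoft.SecurityInsights/alertRules@2023-02-01' = {
  name: guid(workspace.id, 'new-attack-vector') // rule id must be a GUID
  scope: workspace                              // alert rules are extension resources of the workspace
  kind: 'Scheduled'
  properties: {
    displayName: 'New attack vector (hunting query promoted to analytics rule)'
    description: 'Promoted from a hunting query so that matches raise incidents in WS1.'
    enabled: true
    severity: 'High'
    query: huntingQuery
    queryFrequency: 'PT1H'        // how often the query runs
    queryPeriod: 'PT1H'           // how far back each run looks
    triggerOperator: 'GreaterThan'
    triggerThreshold: 0           // any returned row produces an alert
    suppressionEnabled: false
    suppressionDuration: 'PT5H'   // required by the schema even when suppression is off
    tactics: [ 'CredentialAccess' ] // placeholder MITRE ATT&CK tactic for the constructed query
    techniques: [ 'T1110' ]
    eventGroupingSettings: {
      aggregationKind: 'AlertPerResult'
    }
    incidentConfiguration: {
      createIncident: true        // the setting that turns each alert into an incident
      groupingConfiguration: {
        enabled: true
        reopenClosedIncident: false
        lookbackDuration: 'PT5H'
        matchingMethod: 'AllEntities'
      }
    }
  }
}
```

Deploying this with `az deployment group create` against the workspace's resource group creates the rule; setting `createIncident` to `false` would leave it raising alerts only.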

Discussion
90158a0

Option: C

C. a scheduled query rule: This is used to run queries on a schedule, and when a match is found, it can create an incident in Microsoft Sentinel. Given that you have a hunting query that detects a new attack vector, setting up a scheduled query rule will ensure that this query runs regularly and automatically generates an incident whenever the attack vector is detected.