Refer to the exhibit. You are configuring an analytics rule in Microsoft Sentinel. What is the effect of this configuration?
Correctly describes 'AllEntities' matching.
Why this answer
Option D is correct because grouping with matchingMethod 'AllEntities' groups alerts that share all entities (like IP, host, user) into a single incident within a 5-hour lookback. Option A is wrong because it does not create incidents per entity. Option B is wrong because it does not create an incident for each alert.
Option C is wrong because it does not create an incident per alert type.