Forum Discussion
dgaribaldi
Oct 14, 2021, Copper Contributor
Conflict with custom time range when running scheduled Sentinel Alert - identityinfo
Hi team. I'm working with Sentinel to create a custom alert rule in an attempt to reduce the noise generated by false positives. I've gone ahead and modified the out-of-the-box alert for "RDP Nesting" ...
CliveWatson
Oct 15, 2021, Former Employee
There is a dedicated Sentinel channel. https://techcommunity.microsoft.com/t5/azure-sentinel/bd-p/AzureSentinel
Azure Sentinel rules have a max look back of 14 days https://docs.microsoft.com/en-us/azure/sentinel/detect-threats-custom#query-scheduling-and-alert-threshold
There is a workaround (if you really need it). Tiander did a great webcast here: https://youtu.be/G6TIzJK8XBA?t=3152 – watch it all 😊, but the “14 days use case” starts at 42min
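As an added example, not from the thread or from Microsoft's tooling: a small Python lint that reads scheduled analytics rules in exported ARM-template form and flags any queryPeriod above the 14-day maximum lookback mentioned above. The resource type, kind and property names follow the Sentinel alertRules resource; the sample rules themselves are constructed for this example.

```python
import re
from datetime import timedelta

# Maximum lookback for a Sentinel scheduled analytics rule, as stated in the thread.
MAX_LOOKBACK = timedelta(days=14)

# ISO 8601 durations in the shape Sentinel uses for queryPeriod/queryFrequency,
# e.g. "PT5M", "PT1H", "P14D", "P1DT12H". Week/month/year designators are rejected.
_DURATION = re.compile(
    r"^P(?:(?P<days>\d+)D)?(?:T(?:(?P<hours>\d+)H)?(?:(?P<minutes>\d+)M)?)?$"
)


def parse_iso_duration(value):
    """Convert a day/hour/minute ISO 8601 duration string into a timedelta."""
    match = _DURATION.match(value)
    if match is None or value in ("P", "PT"):
        raise ValueError("unsupported duration: %r" % value)
    parts = {name: int(num) for name, num in match.groupdict().items() if num}
    return timedelta(**parts)


def rules_over_limit(resources):
    """Return (displayName, queryPeriod) for each Scheduled rule whose lookback
    exceeds MAX_LOOKBACK; other rule kinds (Fusion, NRT, ...) are skipped."""
    findings = []
    for res in resources:
        if res.get("type") != "Microsoft.SecurityInsights/alertRules":
            continue
        if res.get("kind") != "Scheduled":
            continue
        props = res["properties"]
        if parse_iso_duration(props["queryPeriod"]) > MAX_LOOKBACK:
            findings.append((props["displayName"], props["queryPeriod"]))
    return findings


# Constructed sample resources shaped like an exported analytics-rule template
# (names and periods are made up; P14D sits exactly on the limit and passes).
SAMPLE_RESOURCES = [
    {"type": "Microsoft.SecurityInsights/alertRules", "kind": "Scheduled",
     "properties": {"displayName": "RDP Nesting (custom)",
                    "queryFrequency": "PT1H", "queryPeriod": "P14D"}},
    {"type": "Microsoft.SecurityInsights/alertRules", "kind": "Scheduled",
     "properties": {"displayName": "Stale IdentityInfo join",
                    "queryFrequency": "P1D", "queryPeriod": "P30D"}},
    {"type": "Microsoft.SecurityInsights/alertRules", "kind": "Fusion",
     "properties": {"displayName": "Advanced Multistage Attack Detection"}},
]

for name, period in rules_over_limit(SAMPLE_RESOURCES):
    print(f"{name}: queryPeriod {period} exceeds the 14-day maximum lookback")
```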
dgaribaldi
Oct 15, 2021, Copper Contributor
I think I got it working by adjusting the max look back from 8 to 14 days.
Will need to keep an eye on it.
Thanks.