wootts
Iron Contributor
Nov 02, 2021

Alerts to Incidents

Hi team

I have raised an incident - but whilst I wait for an update - we have M365D connected to Sentinel. This is populating alerts in the SecurityAlert table, but no alerts are being populated in the SecurityIncident table. What would be the probable cause of this? I suspect something simple, but it is causing some confusion. Thanks.

2 Replies

    m_zorich
    Iron Contributor

    On the data connector page for M365 Defender you should see a tick box for 'Turn off all Microsoft incident creation rules for these products. Recommended.' If you untick that, incidents will be generated (it could be very noisy, hence it is off by default).

      wootts
      Iron Contributor
      Hi - it ended up being an error in the backend that only MS could fix. Thanks for taking the time to reply.
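
A query for checking the symptom described in this thread, added here as an example and not posted by either participant: per product, it counts how many alerts in SecurityAlert are referenced by an incident in SecurityIncident and how many are not. It assumes the standard Sentinel columns `SystemAlertId` (SecurityAlert) and `AlertIds` (SecurityIncident); the 7-day lookback is an arbitrary choice.

```kusto
// Added example: compare SecurityAlert against SecurityIncident.
// Assumption: 7-day window; adjust to cover the period being investigated.
let lookback = 7d;
// Every alert ID that any incident in the window refers to.
let incidentAlerts =
    SecurityIncident
    | where TimeGenerated > ago(lookback)
    // SecurityIncident logs one row per incident update; keep the latest state.
    | summarize arg_max(TimeGenerated, *) by IncidentNumber
    // AlertIds is a dynamic array; expand it to one row per alert ID.
    | mv-expand AlertId = AlertIds to typeof(string)
    | distinct AlertId;
SecurityAlert
| where TimeGenerated > ago(lookback)
// Alerts can be logged more than once as they are updated; keep the latest row.
| summarize arg_max(TimeGenerated, *) by SystemAlertId
| join kind=leftouter (incidentAlerts) on $left.SystemAlertId == $right.AlertId
| summarize
    TotalAlerts = count(),
    LinkedToIncident = countif(isnotempty(AlertId)),
    LatestAlert = max(TimeGenerated)
    by ProductName
| extend Unlinked = TotalAlerts - LinkedToIncident
| order by Unlinked desc
```

A product showing `TotalAlerts` above zero with `LinkedToIncident` at zero matches the situation in the question: alerts are arriving but nothing is turning them into incidents. Alerts near the start of the window can appear unlinked if their incident was last updated before the lookback began.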
