Forum Discussion

GaryBushey's avatar
GaryBushey
Bronze Contributor
Dec 11, 2020

Azure Sentinel incidents without any events

I have noticed a couple of incidents generated from Azure Sentinel analytic rules that do not have any events associated with them (it states N/A under the Events column when viewing the full details).  I also notice that the alert ID doesn't seem to exist.   This appears to have started around 1:40AM EST today (11 Dec 2020) and the latest I have noticed this happening is 7:26AM EST today.

 

Anyone else noticing this?

  • lazylion's avatar
    lazylion
    Copper Contributor
    I am also facing same issue with one of my use case, where incident is triggering with zero events in it.

    Any solution?
  • GaryBushey's avatar
    GaryBushey
    Bronze Contributor
    This has resolved itself. Going to be an issue if this keeps happening.

Resources