akhalili
Copper Contributor
Jul 08, 2020

Azure Sentinel Incidents

Hello,

I have Azure Sentinel deployed with about 85 analytic rules enabled. I noticed that I have several analytic rules triggering, but incidents are not coming in. I had incidents come in until yesterday, but now I don't see any incidents coming in, even though there are alerts coming in. 

    • akhalili
      Copper Contributor

      Rod_Trent: The blade is for the last 24 hours. I know that if I change it to 48 hours, I will see the older incidents. The issue here is that I know that there definitely should have been incidents in the last 24 hours, but there is nothing coming in. I even created a test analytic rule that would generate an incident for any logs coming in, but still no incidents.

      • GaryBushey
        Bronze Contributor

        akhalili Probably a silly question but could the Analytic rules have been changed to *not* create an incident, only an alert?