Forum Discussion
Defender for 365 Ingestion: Duplicate values
Good morning (afternoon, or evening!) everyone. We're looking at using the Defender for Office365 ingestion for Sentinel to move our detection rules in to Sentinel however, our columns for Sender...
I have the same issue, I never raised with Microsoft as the connector is still in preview and the EmailEvents have only recently been added, so assume some teething problems. I did ping my contact in MS a message, who said the Engineer teams are aware. So I would say keep an eye out as the problem should be resolved in the near future.
- Thanks MattBurrows, glad to know I'm not going mad!
To be honest I half expected this to be the case given preview/new release. I'd also expect/hope the Sentinel support teams to be more responsive/in the loop with known issues.
Here's hoping this is sorted quickly as it'll be an awesome feature to have working as intended. SenderDisplayName spoofing is still rampant so having automation playbooks for this would be amazing.
