Forum Discussion
Delay in Azure Sentinel scheduled alerts
Hi Community,
Sometimes its very delay to receive the alerts of the Schedule rules of Kaspersky. While the query runs every 5 minutes and lookup for the data of the last 5 minutes. while the log is ingested on AZ sentinel after 7 minutes. The rule is not missing the event but delays in Alert triggering. Picture is attached of Last 7 days alerts about Kaspersky virus detection.
2 Replies
- Rod_Trent
Microsoft
Did you try implementing the following to test?
Handling ingestion delay in Azure Sentinel scheduled alert rules: https://cda.ms/2h2- Yes I already implemented the test and the rule is not missing the event but its delay to trigger the alert is you see in above table the log ingested at AZ sentinel at 11:16 PM and alert triggered at 12:23 AM after 73 minutes but as I said the the query runs every 5 minutes and lookup for the data of the last 5 minutes.
