Forum Discussion

zubairrahimsoc's avatar
zubairrahimsoc
Copper Contributor
Jul 30, 2021

Delay in Azure Sentinel scheduled alerts

Hi Community,   Sometimes its very delay to receive the alerts of the Schedule rules of Kaspersky. While the query runs every 5 minutes and lookup for the data of the last 5 minutes. while the log ...
Rod_Trent's avatar
Rod_Trent
Icon for Microsoft rankMicrosoft
Jul 30, 2021
Did you try implementing the following to test?

Handling ingestion delay in Azure Sentinel scheduled alert rules: https://cda.ms/2h2
  • zubairrahimsoc's avatar
    zubairrahimsoc
    Copper Contributor
    Aug 06, 2021
    Yes I already implemented the test and the rule is not missing the event but its delay to trigger the alert is you see in above table the log ingested at AZ sentinel at 11:16 PM and alert triggered at 12:23 AM after 73 minutes but as I said the the query runs every 5 minutes and lookup for the data of the last 5 minutes.

Resources