Forum Discussion
how many alerts MAX
First of all, thanks for the help.
I would like to know what is the current alert limit of Azure Sentinel.
We are a SOC with many alerts of its own and I think there is a limitation.
We use an MSSP model with Lighthouse
Thanks in advance.
I would also like to confirm the limit of Workspace that we can manage, if it is 20.
2 Replies
- At any point of time you can view the incidents of 10 workspaces only using light house and coming to the limitation of alerts on sentinel. I dont think there is any limitation on the alerts Azure Sentinel can trigger. You may not see the older alerts if it crosses the Sentinel retention period
- 10 is a limit in the Azure Sentinel UI, you can use a Workbook (example is "Sentinel Central" - see Workbooks - Templates), from which can see 10+ workspaces, or those you select. Or you can use a cross workspace query to look over 10+ (which is what the workbook does). Please note accessing lots of workspaces (especially across regions) can be slow. please see: https://www.linkedin.com/pulse/announcing-azure-sentinel-central-workbook-clive-watson/
