Forum Discussion

pemontto's avatar
pemontto
Brass Contributor
Mar 10, 2020
Solved

Increasing scheduled analytic frequency

We've seen a number of template analytics with search frequency set to 1d. We have some use cases where we'd like to be notified much sooner than the incident + ~1d. What we're struggling with is und...
  • CliveWatson's avatar
    CliveWatson
    Mar 10, 2020

    pemontto 

     

    The link you provided discussed the push from O365 to Sentinel:

    "Office 365 solution polls activity logs using the Office 365 Management Activity API, which currently does not provide any near-real time latency guarantees.". 

    I'm sure you see from your own query that many tables have acceptable latency.  Its an area always under review and being optimised.

     

     

     

     

CliveWatson's avatar
CliveWatson
Former Employee
Mar 10, 2020

pemontto 

 

The link you provided discussed the push from O365 to Sentinel:

"Office 365 solution polls activity logs using the Office 365 Management Activity API, which currently does not provide any near-real time latency guarantees.". 

I'm sure you see from your own query that many tables have acceptable latency.  Its an area always under review and being optimised.

 

 

 

 

pemontto's avatar
pemontto
Brass Contributor
Apr 02, 2020

CliveWatson thanks! And thanks for the https://github.com/CliveW-MSFT/KQLpublic/blob/master/KQL/Workbooks/Workspace%20Usage%20report.workbook that wraps everything up nicely, including latency!