Forum Discussion
ElisabethSN
Sep 07, 2022Copper Contributor
Microsoft re-opening and re-closing Incidents in Sentinel
Hey, so we have experienced several times MS re-opening incidents in Sentinel that one of our analysts have already closed. And then also re-closing it, but I'll get to that. When re-opening a S...
GBushey
Microsoft
Sep 12, 2022For your feature requests, go to https://feedback.azure.com/d365community/forum/37638d17-0625-ec11-b6e6-000d3a4f07b8# and add your requests.
For the items that are being reclosed, are they originating from other Azure Security products? It could be they are closed in the other system, which is then pushing the fact it is closed into Microsoft Sentinel.
For the items that are being reclosed, are they originating from other Azure Security products? It could be they are closed in the other system, which is then pushing the fact it is closed into Microsoft Sentinel.
- Nidhal_FerchichiSep 11, 2023Copper ContributorHi Gary,
Could you share the correct link to submit our feedback.
Do you have any ETA to get this issue resolved ?- GBusheySep 13, 2023
Microsoft
That link is still working. If you are still experiencing this issue, I would recommend opening a ticket with MS so they can take a look at your environment to get a better idea what is happening.
- ElisabethSNSep 13, 2022Copper ContributorHey GBushey, thanks for the answer! I have now created the feature request, thanks for the reference.
They are in fact originating from Microsoft Defender 365- But why would a ticket closed in Sentinel, be re-opened in the scenario you are describing?
I understand the scenario of an open Sentinel Incident being closed by MS Automation as part of the bidirectional synch, if the incident is closed from Microsoft Defender 365.