Forum Discussion
Some Sentinel Incident from Microsoft Defender 365 are not retrieving Alerts & Entities
Hello,
For some incidents (From Microsoft Defender 365 connector Product name : Microsoft Defender for Office 365), in Sentinel we face an error "There was an error retrieving some of the alert information. Please try again later. If the problem persist, contact Microsoft support."
Alert is not show in logs when search using AlertID and No Entities found.
Thanks
Qusai_Ismail May be a temporary issue with retrieving the alert information from Microsoft Defender for Office 365. It could be due to a network connection issue, a temporary outage, or a problem with the service.
To search for the alert using the AlertID, you can try checking in other logs or data sources that may contain the alert information, such as the Event Viewer or the Azure Sentinel logs. This could help you find the information you are looking for, even if it is not appearing in the expected place.
- Thanks for your replay.
We have a reliable network connection, and we tried again, it's gone 5 days for incident without any information appear, which lead us to use Microsoft Defender 365 for that incident, the problem is this issue happen to different incidents. several times.Qusai_Ismail
Hi, I know it's a while but did you find a solution? I see something similar with the sameAlert product names- Microsoft Defender for Office 365
No entities and nothing to find in the logs for the alertid.
Thank you!
