Forum Discussion
Ajay_Patil (Copper Contributor)
Jan 22, 2023
Automatically alert resolved in Sentinel
If we resolve the alerts in Microsoft 365 Defender, is there any way they are automatically resolved in Microsoft Sentinel also?
Any assistance in this matter would be greatly appreciated.
- HeikeRitter (Microsoft)
Hi Ajay, yes, with the Microsoft 365 Defender and Sentinel integration - did you set up the connector?
https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration
- Ajay_Patil (Copper Contributor)
Hi Heike, thank you so much for your response. Yes, we have set up a connector between Microsoft 365 Defender and Sentinel.
Currently, it only works in the sense that when we resolve an alert or incident on Sentinel, it is automatically resolved on Microsoft 365 Defender.
My preference is that when we close an alert/incident on Microsoft 365 Defender, it should automatically be solved on Sentinel.
Is there a playbook to deploy or any other solution that you can suggest?
If you have anything to share with me to help me resolve the issue, I would really appreciate it.
- HeikeRitter (Microsoft)
Hmm... this should be bi-directional without additional steps needed.
"Bi-directional sync between Sentinel and Microsoft 365 Defender incidents on status, owner, and closing reason."
https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration#working-with-microsoft-365-defender-incidents-in-microsoft-sentinel-and-bi-directional-sync
If this is not happening, I honestly suggest opening a support ticket.