Forum Discussion
Lack of alerts in Sentinel
Hello, I am troubleshooting a lack of alerts and incidents in my Sentinel deployment. When I look at the Micrsoft Defender XDR connector, I see plenty of events like DeviceEvents, DeviceInfo, Ident...
Probably resolved by now, but make sure in the XDR connector in sentinel that you have "import incidents" enabled. You dont really need to import deviceevents and all those from DFE, then you are paying double for that (as its free in XDR portal) - unless you really wanna build hunts and detections around it (you can use custom detection in XDR then).