May 08 2019 06:53 AM
Hi folks,
We've recently started to leverage Cloud App Security as a component of our Security Operations and while testing the impossible travel policy with a custom targeted policy for non typical work locations, we've noticed a significant delay in the alert being shown on the dashboard versus when the event actually occurred. We've seen anything from 90 minutes or worse when we compare the Audit logs in O365 and Azure for when our test users logged in from another location to the actual time we receive email notification from Cloud App Security.
While we wait for a response from Cloud App Security support, I thought I might post here and see if anyone is having this same issue.
May 09 2019 08:56 AM
May 10 2019 12:28 AM
When I was testing DLP policies, I got kind of the opposite.
If I add a file with for example credit card numbers, it takes almost two hours for the file to show up in MCAS (with the alert following soon after).
If I however apply a policy on files that are already monitored in MCAS, the alert will show up in a few minutes.
May 10 2019 03:10 AM
@prnceofpwngeI noticed the same thing