Sep 13 2021 03:36 AM
Hi
I have observed some unusual behaviour from the MCAS and Sentinel integration. Based on the attached screenshot, you can see that there is a bulk of incidents generated in Azure Sentinel that are forwarded from MCAS. Most of these alerts are old (5 months old). Most of these alerts are already closed in MCAS. Not sure why it dumped all the alerts on Sentinel.
This behaviour has been observed a couple of times. Has anyone else faced a similar issue?
Mar 10 2022 02:08 AM