Defender for Identity sensor high severity alert


MDI sensor is generating a high severity alert stating:

"A health issue occurred

Sensor received more windows events than they can process resulting in some events not being analyzed"

While I checked MS docs for the possible cause, I got this: "Verify that only required events are forwarded to the Defender for Identity sensor or try to forward some of the events to another Defender for Identity sensor". But I am not able to find a way to verify this.

If anyone has faced a similar issue, I wanted to know the possible solutions for the same.


Thanks in advance

1 Reply

@Cloud0009 Usually the problem will be a lack of resources, or a high percentage of NNR failures that slows the sensor down too much.
Please make sure you have run the sizing tool, and the machine is up to spec.

If it looks OK, please contact support as they will need much more data to know exactly what happened.