cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Automatically alert resolved in sentinel

Ajay_Patil
Copper Contributor

‎Jan 22 2023 05:30 AM

‎Jan 22 2023 05:30 AM

Automatically alert resolved in sentinel

If we resolve the alerts in microsoft 365 defender is there any way it automatically resolved in Microsoft sentinel also.

 

Any assistance in this matter would be greatly appreciated.:smile:

Labels:
2,535 Views
0 Likes
6 Replies
Reply
6 Replies
Heike Ritter

‎Jan 23 2023 02:35 AM

‎Jan 23 2023 02:35 AM

Re: Automatically alert resolved in sentinel

Hi Ajay, yes with the Microsoft 365 Defender and Sentinel integration - did yo set up the connector?
https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration
1 Like
Reply
Ajay_Patil

‎Jan 23 2023 05:45 AM

‎Jan 23 2023 05:45 AM

Re: Automatically alert resolved in sentinel


Hi Heike, thank you so much for your response. Yes, we have set up a connector between Microsoft 365 defender and sentinel.
Currently, it only works in the sense that When we resolve an alert or incident on Sentienl and it is automatically resolved on Microsoft 365 defender.

My preference is that When we closed an alert/incidents on Microsoft 365 Defender,it should automatically be solved on sentinel.

Is there a playbook to deploy or any other solution that you can suggest ?

If you have anything to share with me to help me resolve the issue, I would really appreciate it.
0 Likes
Reply
best response confirmed by ChristianJBergstrom (MVP)
Heike Ritter

‎Jan 25 2023 01:55 AM

‎Jan 25 2023 01:55 AM

Solution

Re: Automatically alert resolved in sentinel

Hmm... this should be bi-directional without additional steps needed.
"Bi-directional sync between Sentinel and Microsoft 365 Defender incidents on status, owner, and closing reason."
https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration#working...
If this is not happening, I honestly suggest to open a support ticket
0 Likes
Reply
Ajay_Patil

‎Jan 29 2023 05:43 AM

‎Jan 29 2023 05:43 AM

Re: Automatically alert resolved in sentinel

Hi Heike, Thank you for the information.
I have successfully connected the Sentinel and Microsoft 365 Defender.
1 Like
Reply
Heike Ritter

‎Jan 30 2023 02:32 AM

‎Jan 30 2023 02:32 AM

Re: Automatically alert resolved in sentinel

Yay!!! So glad to read this!! Do you know what you had to change?
0 Likes
Reply
Ajay_Patil

‎Feb 05 2023 07:30 AM

‎Feb 05 2023 07:30 AM

Re: Automatically alert resolved in sentinel

Hi Heike,
Greetings to you and hope you are doing well.
I'm not sure why it initially didn't worked. In order to make sure everything is done right, I reconnected the Microsoft Defender and Sentinel step by step this time. As a result, it started working properly. There may have been some error or something else that prevented it from connecting at first.

Thank you so much for your assistance. Having this information really helped me to re-establish the connection.
1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by ChristianJBergstrom (MVP)
Heike Ritter

‎Jan 25 2023 01:55 AM

‎Jan 25 2023 01:55 AM

Solution

Re: Automatically alert resolved in sentinel

Hmm... this should be bi-directional without additional steps needed.
"Bi-directional sync between Sentinel and Microsoft 365 Defender incidents on status, owner, and closing reason."
https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration#working...
If this is not happening, I honestly suggest to open a support ticket

View solution in original post

0 Likes
Reply