Security Alerts get delayed


We have set up security alerts in Office 365 for some events like privilege escalations.

The notifications are coming. But since December they get delayed. Sometimes hours, sometimes days, but now we receive events even more than 10 days after the time when the activity occurs.

Does anyone see the same? The notifications on CAS are triggered correctly in time.

4 Replies

You mean the email notifications, or the actual events in the SCC Audit log section? In general, there is some delay with generating both; audit log entries can sometimes appear after a day or more, depending on the event type...

I mean both. Both delays are understandable. But for example today we received an e-mail alert for an activity which is 22 days old. This is too much. I have currently opened a case for it but without any meaningful progress.

Did you ever get a solution to this? I have alerts configured just for admin changes and it sometimes takes 24hrs for the alert to come through. Obviously if something bad was happening in the system, I'd have missed it...!

Unfortunately not at the Security & Compliance Center. We go with a connection to Operations Management Suite, which has a pack for Office 365. With that, alerts on the activities are almost instant.