Nov 02 2021 05:16 AM
Hi team
I have raised an incident - but whilst I wait for an update - we have M365D connected to Sentinel - this is populating alerts in the securityalerts table - but no alerts are being populated in the SecurityIncident table. What would be the probable cause of this ... I suspect something simple but causing some confusion. tks
Nov 02 2021 03:00 PM
On the data connector page for M365 Defender you should see a tick box for 'Turn off all Microsoft incident creation rules for these products. Recommended.' If you untick that, incidents will be generated (it could be very noisy, hence it is off by default).
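A query for checking the symptom described in this thread, added here as an example and not posted by either participant: it counts, per source product, how many alerts in the last 7 days are referenced by an incident. It assumes the standard Sentinel schema (`SecurityAlert.SystemAlertId`, `SecurityAlert.ProductName`, `SecurityIncident.AlertIds`); the 7-day lookback is an arbitrary choice.

```kql
// Added example: which products have alerts that never became part of an incident?
let lookback = 7d;  // assumed window, adjust as needed
// Every alert ID that any incident refers to
let linkedAlerts =
    SecurityIncident
    | where TimeGenerated > ago(lookback)
    | mv-expand AlertId = AlertIds to typeof(string)
    | distinct AlertId;
SecurityAlert
| where TimeGenerated > ago(lookback)
// An alert can be written more than once as it is updated; keep the latest record
| summarize arg_max(TimeGenerated, *) by SystemAlertId
| extend LinkedToIncident = SystemAlertId in (linkedAlerts)
| summarize
    TotalAlerts = count(),
    AlertsInIncidents = countif(LinkedToIncident),
    AlertsWithoutIncident = countif(not(LinkedToIncident))
    by ProductName
| order by AlertsWithoutIncident desc
```

A product showing alerts but zero in `AlertsInIncidents` has no incident creation path enabled for it, which matches the connector setting described above.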
Nov 09 2021 05:25 AM