cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Alerts to Incidents

wootts
Iron Contributor

‎Nov 02 2021 05:16 AM

‎Nov 02 2021 05:16 AM

Alerts to Incidents

Hi team

I have raised an incident - but whilst I wait for an update - we have M365D connected to Sentinel - this is populating alerts in the securityalerts table - but no alerts are being populated in the SecurityIncident table.  what would be the probably cause of this ... I suspect something simple but causing some confusion.   tks 

930 Views
0 Likes
2 Replies
Reply
2 Replies
m_zorich

‎Nov 02 2021 03:00 PM

‎Nov 02 2021 03:00 PM

Re: Alerts to Incidents

On the data connector page for M365 Defender you should see a tick box for 'Turn off all Microsoft incident creation rules for these products. Recommended.' if you untick that incidents will be generated (it could be very noisy, hence is off by default)

 

m365d.png

 

@wootts 

1 Like
Reply
wootts

‎Nov 09 2021 05:25 AM

‎Nov 09 2021 05:25 AM

Re: Alerts to Incidents

Hi - it ended up being an error in the backend that only MS could fix .. thanks for taking the time to reply..
0 Likes
Reply