Alerts to Incidents


Hi team

I have raised an incident - but whilst I wait for an update - we have M365D connected to Sentinel - this is populating alerts in the securityalerts table - but no alerts are being populated in the SecurityIncident table. What would be the probable cause of this ... I suspect something simple but causing some confusion. tks

2 Replies

On the data connector page for M365 Defender you should see a tick box for 'Turn off all Microsoft incident creation rules for these products. Recommended.' If you untick that, incidents will be generated (it could be very noisy, hence it is off by default).





Hi - it ended up being an error in the backend that only MS could fix. Thanks for taking the time to reply.
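
For anyone checking the same symptom from the Logs blade, the query below is an added example, not something posted by the thread participants. It counts, per product, how many alerts in SecurityAlert are referenced by any SecurityIncident record and how many are not; the 7-day lookback is an assumption to adjust.

```kql
// Assumed lookback window; widen it to cover the period being investigated.
let lookback = 7d;
// Every alert ID referenced by any incident record.
// SecurityIncident writes a new row on each incident update, so de-duplicate.
let linkedAlerts =
    SecurityIncident
    | where TimeGenerated > ago(lookback)
    | mv-expand AlertId = AlertIds to typeof(string)
    | distinct AlertId;
SecurityAlert
| where TimeGenerated > ago(lookback)
// Alerts can be re-ingested when they are updated; keep the latest copy of each.
| summarize arg_max(TimeGenerated, *) by SystemAlertId
| extend LinkedToIncident = SystemAlertId in (linkedAlerts)
| summarize
    Alerts    = count(),
    Linked    = countif(LinkedToIncident),
    Orphaned  = countif(not(LinkedToIncident)),
    LastAlert = max(TimeGenerated)
    by ProductName, ProviderName
| order by Orphaned desc
```

A product with recent alerts and `Linked` at zero is the pattern described in the question: alerts are arriving but nothing is creating or syncing incidents for them.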