Mar 06 2020 01:07 AM
Hello Community,
we are working on a custom Hunting Query based on a failed login by expired account in Azure Sentinel. The Query runs properly but when we try to add it to livestream, we noticed that the query pauses by itself after some time.
In Microsoft Docs we found that the query added to livestream is supposed to run until it is stopped intentionally. Could you please tell us how to solve this issue?
Thank you for your support!
Mar 06 2020 05:46 AM
@Francesco47 Could you post the query so we can take a look at it to make sure there's no thresholds built into it?
Additionally, the Live Stream session will continue unless you sign out of the Azure portal. So, an active Azure portal session is also required.