Jul 08 2020 12:08 PM
Hello,
I have Azure Sentinel deployed with about 85 analytic rules enabled. I noticed that I have several analytic rules triggering, but incidents are not coming in. I had incidents come in until yesterday, but now I don't see any incidents coming in, even though there are alerts coming in.
Jul 08 2020 12:27 PM
@akhalili What 'Time Range' is your Incidents blade set to display?
Jul 08 2020 12:46 PM
@Rod_Trent: The blade is for the last 24 hours. I know that if I change it to 48 hours, I will see the older incidents. The issue here is that I know that there definitely should have been incidents in the last 24 hours, but there is nothing coming in. I even created a test analytic rule that would generate an incident for any logs coming in, but still no incidents.
Jul 08 2020 12:49 PM
@akhalili Wow...very strange, indeed.
What do you get back from the following?
Jul 08 2020 12:50 PM
@akhalili Probably a silly question but could the Analytic rules have been changed to *not* create an incident, only an alert?
Jul 08 2020 12:51 PM
@Rod_Trent I get a bunch of alerts from the different connectors I have. This is how I figured out that alerts were coming in, but no incidents were being generated.
Jul 08 2020 12:52 PM
@Gary Bushey No, there were not any changes made to any analytic rules.
Jul 09 2020 05:35 AM
@akhalili Wanted to check back. Has this resolved itself today, by any chance?