
Closing alerts in Azure Sentinel does not automatically close in Cloud App Security console


We have both Cloud App Security and Azure Sentinel deployed in the environment. When we get alerts from Cloud App Security to Azure Sentinel, we overlook the incidents and close them accordingly. When we do this, the same alert generated on the Cloud App Security side is not being closed. This leads to duplication of jobs, where the engineer needs to close the alert in both Cloud App Security and Azure Sentinel.

Is there a way, when we resolve an incident on the Sentinel side, for its related alerts to be closed on the Cloud App Security side?

2 Replies

This capability is coming.

However, in the interim there's a Playbook available that will accomplish this for you: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Close-Incident-MCAS

Thanks, Rodtrent. Let me check on this Playbook in the customer's environment.