Jul 30 2021 09:13 AM
Hi Community,
Sometimes it is very delayed to receive the alerts of the scheduled rules for Kaspersky. The query runs every 5 minutes and looks up the data of the last 5 minutes, while the log is ingested into AZ Sentinel after 7 minutes. The rule is not missing the event, but there is a delay in alert triggering. A picture is attached of the last 7 days' alerts about Kaspersky virus detection.
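The timing described in the question, as an added simulation that is not part of the original post and not Microsoft's code: it models a scheduled rule firing every 5 minutes, once with the 5-minute lookback from the question and once with a wider 15-minute lookback on the event timestamp combined with a filter on ingestion time equal to the run frequency (the documented way to handle ingestion delay without duplicate alerts). The three events (`fast`, `slow`, `edge`) and their latencies are constructed; the 7-minute latency mirrors the delay reported above. `run_rule`, `simulate` and `alert_delay` are hypothetical helper names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    name: str
    event_min: int    # TimeGenerated (source event time), minutes from an arbitrary zero
    ingest_min: int   # ingestion_time(), when the row became queryable in the workspace

# Constructed sample: one fast row, one row with the 7-minute delay from the question,
# and a later row with the same delay to show the behaviour is not a one-off.
SAMPLE_EVENTS = [
    Event("fast", event_min=3, ingest_min=4),
    Event("slow", event_min=1, ingest_min=8),
    Event("edge", event_min=12, ingest_min=19),
]

def run_rule(events, run_min, lookback_min, ingest_window_min=None):
    """Rows matched when the rule fires at run_min.

    Only rows already ingested (ingest_min <= run_min) are visible to the query.
    The scheduler restricts TimeGenerated to (run_min - lookback_min, run_min].
    If ingest_window_min is given, rows are additionally kept only when their
    ingestion time falls in (run_min - ingest_window_min, run_min], which is
    what a `| where ingestion_time() > ago(<frequency>)` filter does in KQL.
    """
    hits = []
    for e in events:
        if e.ingest_min > run_min:
            continue  # not yet in the workspace at this run
        if not (run_min - lookback_min < e.event_min <= run_min):
            continue  # outside the TimeGenerated window
        if ingest_window_min is not None and not (
            run_min - ingest_window_min < e.ingest_min <= run_min
        ):
            continue  # already seen by an earlier run (dedupe on ingestion time)
        hits.append(e.name)
    return hits

def simulate(events, lookback_min, frequency_min=5, horizon_min=30, dedupe=False):
    """Fire the rule every frequency_min minutes; return {run_min: [names]} for runs that alert."""
    alerts = {}
    for run in range(frequency_min, horizon_min + 1, frequency_min):
        hits = run_rule(events, run, lookback_min, frequency_min if dedupe else None)
        if hits:
            alerts[run] = hits
    return alerts

def alert_delay(alerts, events):
    """Minutes from event time to the first alert per event, or None if never alerted."""
    first_seen = {}
    for run in sorted(alerts):
        for name in alerts[run]:
            first_seen.setdefault(name, run)
    return {
        e.name: (first_seen[e.name] - e.event_min) if e.name in first_seen else None
        for e in events
    }

if __name__ == "__main__":
    narrow = simulate(SAMPLE_EVENTS, lookback_min=5)
    wide = simulate(SAMPLE_EVENTS, lookback_min=15, dedupe=True)
    print("5m lookback, no ingestion filter:", narrow, alert_delay(narrow, SAMPLE_EVENTS))
    print("15m lookback + ingestion filter:  ", wide, alert_delay(wide, SAMPLE_EVENTS))
```

With the 5-minute lookback, a row that lands 7 minutes late is never inside the window of any run, so it produces no alert at all; with the 15-minute lookback it is picked up by the first run after it is ingested, and the ingestion-time filter keeps each row from alerting again on the following runs. Without that filter, the wider lookback re-alerts on the same row for three consecutive runs.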
Jul 30 2021 09:45 AM
Aug 06 2021 10:04 AM