Oct 19 2021 01:54 AM - edited Oct 19 2021 02:39 AM
Hi all,
Since yesterday (18/10/2021), we observe that only Security Alerts from MCAS with Status "Dismissed" or "Resolved" are ingested into the Azure Sentinel SecurityAlert table.
Although we have Alerts in the MCAS console with status "Open", we can't see them in Azure Sentinel. Once their status changes to "Resolved" they are normally ingested into Azure Sentinel.
The integration we use is through Azure Sentinel Native Data Connector for MCAS.
The same issue is also evident in Microsoft 365 Defender. Only "Resolved" Alerts/Incidents are ingested from Cloud App Security.
Is there any change in the Integration between MCAS Alerts and Azure Sentinel?
Regards,
Greg