cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft 365 defender alerts not capturing fields (entities) in azure sentinel

JILIN_RAJU
Copper Contributor

‎May 13 2022 07:01 AM

‎May 13 2022 07:01 AM

Microsoft 365 defender alerts not capturing fields (entities) in azure sentinel

 

          We got an alert from 365 defenders to azure sentinel ( A potentially malicious URL click was detected). To investigate this alert we have to check in the 365 defender portal.

We noticed that entities are not capturing (user, host, IP). How can we resolve this issue? 

Note: This is not a custom rule. 

1,899 Views
0 Likes
2 Replies
Reply
2 Replies
BcyberS

‎May 23 2022 07:51 AM

‎May 23 2022 07:51 AM

Re: Microsoft 365 defender alerts not capturing fields (entities) in azure sentinel

We have the same issue but I know why:

firstly, are you saying entities are not capturing in MS Sentinel (this is our issue too). If you pivot to to Microsoft 365 defender you will see the entities for the given incident or alert.

I was told by MS support that at this time entities do not capture from MS 365 defender for all incidents. This is an up coming feature which Microsoft are working on to bring entities into Sentinel. For now you have to pivot into MS 365 defender to review the entities. Not ideal for analysts but I guess the MS 365 Defender data connector is still in Preview mode,
0 Likes
Reply
rp377

‎Jul 26 2023 08:00 AM

‎Jul 26 2023 08:00 AM

Re: Microsoft 365 defender alerts not capturing fields (entities) in azure sentinel

is this issue resolved ??

It is 2023 and I am also finding it difficult to receive entities details from Microsoft 365 Defender alerts in Sentinel for all the received alerts.
0 Likes
Reply