SecurityInsights > SecurityAlert table no longer updating

Hi all, we noted starting last night that our SecurityAlert table in SecurityInsights was no longer being updated. Is there a way to force an update/refresh of the data? Maybe disconnect and reconnect the various connectors, or maybe remove and then add back the Analytics Rules for the various MS alert feeds?

Thanks,

Lance

2 Replies

Also noting that entity mapping fields are missing in new Incidents added to Sentinel since the issue started occurring. Possible issue with the default Microsoft Security (Preview) Analytics Rule Types?

We are also noting that after an Incident is added to Sentinel we are seeing the following message under Evidence & Entities for an extended time: "Preparing investigation data for this incident. Please try again in a few minutes."

Curious, is anyone else seeing this?

Lance