May 04 2022 09:18 AM
Having just recently started my adventure with Sentinel, I really enjoyed the ability to drill down into incidents and explore them using the query that triggered them.
Lately, however, when I select an incident and click on "Events", instead of seeing the logs blade and the query, I see a base64-encoded "alertedEvent" that is decoded into query results. This is not happening on all incidents, but on a few that are based on in-house developed queries. I went over the process of creating the alert rule from a query and could find no option that hides the query in favor of the base64-encoded message (create new query -> "New Alert Rule" -> "Create Azure Sentinel Alert").
Any thoughts as to what might be causing this?
Many thanks,