All,
I see strange things within the sync between Sentinel and Microsoft 365 Defender (Security Center)
When you close all the alerts within 1 incident in security center AND you do not resolve the incident in Microsoft 365 Defender (Security Center) the incident is closed in Sentinel. you should assume when you close the incident in Microsoft 365 Defender (Security Center) , then it will be closed in Sentinel
Arjan
