Forum Discussion
Automatically alert resolved in sentinel
If we resolve the alerts in microsoft 365 defender is there any way it automatically resolved in Microsoft sentinel also. Any assistance in this matter would be greatly appreciated.
- Hmm... this should be bi-directional without additional steps needed.
"Bi-directional sync between Sentinel and Microsoft 365 Defender incidents on status, owner, and closing reason."
https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration#working-with-microsoft-365-defender-incidents-in-microsoft-sentinel-and-bi-directional-sync
If this is not happening, I honestly suggest to open a support ticket
Hi Heike, thank you so much for your response. Yes, we have set up a connector between Microsoft 365 defender and sentinel.
Currently, it only works in the sense that When we resolve an alert or incident on Sentienl and it is automatically resolved on Microsoft 365 defender.
My preference is that When we closed an alert/incidents on Microsoft 365 Defender,it should automatically be solved on sentinel.
Is there a playbook to deploy or any other solution that you can suggest ?
If you have anything to share with me to help me resolve the issue, I would really appreciate it.
HeikeRitter
Microsoft
MicrosoftHmm... this should be bi-directional without additional steps needed.
"Bi-directional sync between Sentinel and Microsoft 365 Defender incidents on status, owner, and closing reason."
https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration#working-with-microsoft-365-defender-incidents-in-microsoft-sentinel-and-bi-directional-sync
If this is not happening, I honestly suggest to open a support ticket
"Bi-directional sync between Sentinel and Microsoft 365 Defender incidents on status, owner, and closing reason."
https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration#working-with-microsoft-365-defender-incidents-in-microsoft-sentinel-and-bi-directional-sync
If this is not happening, I honestly suggest to open a support ticket
- Hi Heike, Thank you for the information.
I have successfully connected the Sentinel and Microsoft 365 Defender.- HeikeRitterYay!!! So glad to read this!! Do you know what you had to change?
- Hi Heike,
Greetings to you and hope you are doing well.
I'm not sure why it initially didn't worked. In order to make sure everything is done right, I reconnected the Microsoft Defender and Sentinel step by step this time. As a result, it started working properly. There may have been some error or something else that prevented it from connecting at first.
Thank you so much for your assistance. Having this information really helped me to re-establish the connection.
