Apr 09 2020 06:39 AM
Hi all, we noted starting last night that our SecurityAlert table in SecurityInsights was no longer being updated. Is there a way to force an update/refresh of the data? Maybe disconnect and reconnect the various connectors, or maybe remove and then add back the Analytics Rules for the various MS alert feeds?
Thanks,
Lance
Apr 09 2020 07:49 AM
Also noting that entity mapping fields are missing in new Incidents added to Sentinel since the issue started occurring. Possible issue with the default Microsoft Security (Preview), Analytics Rule Types?
Apr 09 2020 08:15 AM
We are also noting that after an Incident is added to Sentinel we are seeing the following message under Evidence & Entities for an extended time. "Preparing investigation data for this incident. Please try again in a few minutes."
Curious, is anyone else seeing this?
Lance