Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,159 questions
Office 365 ATP analytics rule for Azure Sentinel very slow to create incidents
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 68%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGY%3C/text%3E%3C/svg%3E)
Gareth Young
1
Reputation point
Hello,
I have a demo tenant that we are using to test monitoring of Office 365 ATP Alerts in Azure Sentinel
We are using the standard analytics rule that generates an incident when an alert is generated in ATP.
It takes HOURS between the time the alert is generated to Sentinel picking it up and creating an incident.
Is this the expected behaviour? Is there any way to force the analytics rule to run, it does not appear to be customizable.
Thanks!
{count} votes
-
James Hamil 25,396 Reputation points Microsoft Employee2020-11-03T20:11:55.91+00:00 Hi, yes this seems unexpected. Are you following any documentation? If you have any references I can look at those. Otherwise I can create a support ticket for you!
-
James Hamil 25,396 Reputation points Microsoft Employee
2020-11-26T00:50:17.237+00:00 Hi, do you still require assistance?
Thank you,
James
Sign in to comment
Sign in to answer