Forum Discussion
jmn05
Apr 15, 2024 (Copper Contributor)
New Sentinel Integration Causing a Single Large Incident
I migrated Sentinel to the new Defender XDR connector, giving it access to the SecurityAlerts and SecurityIncident tables. Defender's entity matching is now creating one large incident out of pretty much every Sentinel incident raised, meaning that if we close it, it is just going to re-raise as the entity graph grows.
Has this happened to anyone else? How can we stop this from happening?
- askvpb (Brass Contributor): Past Sentinel rule suppressions won't carry forward to the new Defender XDR portal. You need to configure the alerts again (please correct me if this is incorrect). I have played with the feature a little bit.
Check out the article https://learn.microsoft.com/en-us/defender-xdr/investigate-alerts?view=o365-worldwide#public-preview-tune-an-alert
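To see which incidents are absorbing alerts the way the original post describes, and which analytic rules or products are feeding them, a KQL query like the following can be run in the Sentinel workspace. This is an added example, not code from the thread or from Microsoft; it assumes the standard SecurityIncident and SecurityAlert schemas (AlertIds, SystemAlertId, AlertName, ProductName) and the threshold of 25 alerts is an arbitrary constructed value.

```kql
// Constructed example: list incidents that have grown past a chosen alert count
// and show which alert names / products are being merged into them.
let threshold = 25;   // assumed cut-off; tune to your environment
SecurityIncident
// keep only the latest record per incident, since every update writes a new row
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
| extend AlertCount = array_length(AlertIds)
| where AlertCount >= threshold
// one row per alert id so we can join to the alert details
| mv-expand AlertId = AlertIds to typeof(string)
| join kind=inner (
    SecurityAlert
    | summarize arg_max(TimeGenerated, *) by SystemAlertId
    | project SystemAlertId, AlertName, ProductName
  ) on $left.AlertId == $right.SystemAlertId
| summarize
    AlertCount = max(AlertCount),
    AlertNames = make_set(AlertName, 20),   // first 20 distinct alert names
    Products   = make_set(ProductName)
    by IncidentNumber, Title, Status, ProviderName, LastModifiedTime
| order by AlertCount desc
```

Incidents that keep reappearing at the top of this list after being closed are the candidates for alert tuning in the Defender portal, as the linked article describes.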