MCAS integration with Sentinel - All old alerts generated incidents in sentinel


Hi 


I have observed some unusual behaviour from the MCAS and Sentinel integration. Based on the attached screenshot, you can see that there is a bulk of incidents generated in Azure Sentinel that are forwarded from MCAS. Most of these alerts are old (5 months old). Most of these alerts are already closed in MCAS. Not sure why it dumped all the alerts on Sentinel.

[Screenshot: Deepanshu_Marwah_1-1631529237155.png]

This behaviour has been observed a couple of times. Has anyone else faced a similar issue?
