This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 83%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENQ%3C/text%3E%3C/svg%3E)
Hi all,
Let me start by thanking you in advance and being honest that I am very new to Sentinel.
I've deployed a few Windows Firewall Data Connectors, Over the past few hours. However, the graph under the 'Workspace' for these machines looks odd. ID expected to see these events in a linear format across the various hours and minutes following the Data Connectors being deployed. However its just one massive spike.
Again, I'm as rookie as they come with Sentinel.
Thanks,
Niall
@Niall Quinn
I'm glad you were able to resolve your issue!
----------
If any reply/answer helped resolve your question, please remember to "mark as answer" so that others in the community facing similar issues can easily find the solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
The filter is over a 24 hour period and the events are showing up at 2 PM. Is that different from what you would expect? What types of events are these?
It may take 20 minutes for the full events to show so it's possible that hadn't logged everything by the time when you checked. https://learn.microsoft.com/en-us/azure/sentinel/connect-windows-security-events
Thanks for the reply!
It was just me not waiting long enough for the heartbeats to be sent out.
Looks much better and as expected after a few hours.
Cheers!!