How do Alerts work in Azure Sentinel?

Ray Hayes 41 Reputation points
2023-03-01T17:30:37.9266667+00:00

I've set up the three options on the Alerts page, "Alert Rules", "Action groups", and "Alert processing rules". All are active and I'm receiving emails for the Alerts so I know they're working. I don't see any alerts though when I view the page. When I review the query, I can see it refers to alertsmanagementresources but there's no data in that table as far as I can tell. There is data in the "Alert" table that shows the current time and the status "Fired". Did I set something up incorrectly so the Alerts are being sent to the wrong table?
Thanks,

Ray


Accepted answer
  1. Clive Watson 5,711 Reputation points MVP
    2023-03-02T08:49:50.81+00:00

    When you say "I don't see any alerts though when I view the page." - what page / Azure screen are you referring to?

    Azure Monitor has the settings you are talking about; Microsoft Sentinel has a similar concept (Incidents and Alerts) but uses a different setup and tables. Azure Monitor Alerts don't appear in Sentinel.
    In Sentinel, you create an Analytic Rule that will generate an Incident and Alerts. These are visible in the Sentinel portal in the Incidents blade (and also in the SecurityIncident / SecurityAlert tables).
    https://learn.microsoft.com/en-us/azure/sentinel/detect-threats-built-in

    https://learn.microsoft.com/en-us/azure/sentinel/detect-threats-custom

    Please "accept" this answer if this helps you.

    1 person found this answer helpful.
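A KQL query, added here as an illustration and not part of the accepted answer, that checks the point above by reading Sentinel's own SecurityIncident and SecurityAlert tables rather than the Azure Monitor alert tables. The column names are the standard Sentinel schema for those two tables; the 7-day lookback is an assumed value.

```kusto
// Added example: verify that Sentinel analytics rules are producing incidents and
// alerts by querying the Sentinel tables directly. Azure Monitor alert rules write
// to Azure Monitor / Azure Resource Graph (alertsmanagementresources), not here.
let lookback = 7d;  // assumed window; adjust to your retention and rule frequency
// SecurityIncident stores one row per incident update, so keep only the latest
// state of each incident before joining.
let latestIncidents = SecurityIncident
    | where TimeGenerated > ago(lookback)
    | summarize arg_max(LastModifiedTime, *) by IncidentNumber
    | project IncidentNumber, Title, Severity, Status, AlertIds, CreatedTime;
// AlertIds is a dynamic array; expand it so each incident row maps to one alert id,
// then join to the alert record. leftouter keeps incidents whose alerts have aged out.
latestIncidents
| mv-expand AlertIds
| extend AlertId = tostring(AlertIds)
| join kind=leftouter (
    SecurityAlert
    | where TimeGenerated > ago(lookback)
    // ProviderName / ProductName show whether an alert came from a Sentinel
    // analytics rule or was ingested from another product via a data connector.
    | project SystemAlertId, AlertName, AlertSeverity, ProviderName, ProductName,
              AlertTime = TimeGenerated
  ) on $left.AlertId == $right.SystemAlertId
| project CreatedTime, IncidentNumber, Title, Severity, Status,
          AlertName, AlertSeverity, ProviderName, ProductName, AlertTime
| order by CreatedTime desc
```

If this returns rows, the analytics rule is firing into Sentinel; if it returns nothing while the Azure Monitor "Alert" table keeps filling, the rule was created in Azure Monitor rather than as a Sentinel Analytic Rule.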
