How do Alerts work in Azure Sentinel?

Ray Hayes 41 Reputation points

I've set up the three options on the Alerts page, "Alert Rules", "Action groups", and "Alert processing rules". All are active and I'm receiving emails for the Alerts so I know they're working. I don't see any alerts though when I view the page. When I review the query, I can see it refers to alertsmanagementresources but there's no data in that table as far as I can tell. There is data in the "Alert" Table that shows the current time and the status "Fired". Did I set something up incorrectly so the Alerts are being sent to the wrong table?


Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

Accepted answer
  1. Clive Watson 5,876 Reputation points MVP

    When you say "I don't see any alerts though when I view the page." - what page / Azure screen are you referring to?

    Azure Monitor has the settings you are talking about, Microsoft Sentinel has a similar concept (Incidents and Alerts) but using a different setup and Tables. Azure Monitor Alerts don't appear in Sentinel.
    In Sentinel, you create an Analytic Rule that will generate an Incident and Alerts. These are visible in the Sentinel portal in the Incidents blade (and also in the SecurityIncident / SecurityAlert tables).

    Please "accept" this answer if this helps you.

    1 person found this answer helpful.
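
To check the Sentinel side described in the accepted answer, the following KQL can be run in the Logs blade of the Sentinel workspace. It is an added example, not part of the original thread; it lists recent incidents from SecurityIncident together with the alerts attached to them in SecurityAlert, and the 7-day lookback is an assumption to adjust.

```kusto
// Added example: recent Sentinel incidents and the alerts linked to them.
// Assumption: a 7-day lookback; change ago(7d) as needed.
SecurityIncident
| where TimeGenerated > ago(7d)
// SecurityIncident gets a new row on every update; keep the latest row per incident.
| summarize arg_max(TimeGenerated, *) by IncidentNumber
// AlertIds is a dynamic array of alert identifiers; expand to one row per alert.
| mv-expand AlertId = AlertIds to typeof(string)
| join kind=leftouter (
    SecurityAlert
    | where TimeGenerated > ago(7d)
    // SecurityAlert can also hold several rows per alert; keep the latest.
    | summarize arg_max(TimeGenerated, *) by SystemAlertId
    | project SystemAlertId, AlertName, AlertSeverity, ProductName
  ) on $left.AlertId == $right.SystemAlertId
| project IncidentNumber, Title, Severity, Status, AlertName, AlertSeverity, ProductName
| order by IncidentNumber desc
```

An empty result means no Analytic Rule has generated an incident in that window, which is the expected outcome when only Azure Monitor alert rules have been configured.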
