![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 41%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
25,142 questions
Thank you for posting your query on Microsoft Q&A, from above description I could understand that you have created sentinel analytics rules, got events triggered and later deleted the rule however the events are showing up in dashboard and audit details of the sentinel health.
Please do correct me by responding in the comments for any discrepancies.
Sentinel dashboard does hold the data for past 24 hours to 30 days. Any events generated by the rules before deletion may show up within the dashboard as the events have been saved in the workspace.
- Same goes with SentinelHealth and SentinelAudit data tables:
The following types of analytics rule health events are logged in the SentinelHealth table:
- Scheduled analytics rule run.
- NRT analytics rule run.
- For more information, see SentinelHealth table columns schema.
The following types of analytics rule audit events are logged in the SentinelAudit table:
- Create or update analytics rule.
- Analytics rule deleted.
- For more information, see SentinelAudit table columns schema.
The screenshot you have shared have the deleted log of the rule, so it would show up but there won't be any new events generated:
---Please "Accept the answer (Yes)" and "share your feedback ". This will help us and others in the community as well.
Thanks, Akshay Kaushik