Sentinel detection rule
In my subscription I have created an infrastructure for Red Team exercises, using various techniques to develop an effective Sentinel detection rule to respond.
In this scenario I noticed that, in the case of attacks on Windows VMs using Sysmon to format the Windows logs, if I query the Sentinel logs from the Azure console I immediately see the values I am looking for and that I use as criteria to trigger our Sentinel detection rule, while the incident is opened by Azure Sentinel well beyond the 5 minutes I set as the schedule time of the Sentinel rule.
What should be done to make the Sentinel detection rule take action faster?
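A first check a practitioner would make here is whether the Sysmon events themselves are arriving late: a scheduled analytics rule can only match events that have already been ingested into the workspace when its query runs, so a gap between the event timestamp and the ingestion time delays the incident regardless of the rule's schedule. The KQL below is an added diagnostic example, not code from the original post; it assumes Sysmon is collected into the `Event` table with `Source == "Microsoft-Windows-Sysmon"`, which should be adjusted if a different connector or table is in use.

```kql
// Added example (not from the original post): measure ingestion latency of Sysmon events.
// Assumption: Sysmon events land in the Event table with Source "Microsoft-Windows-Sysmon".
Event
| where TimeGenerated > ago(1d)
| where Source == "Microsoft-Windows-Sysmon"
// ingestion_time() is when Log Analytics stored the record; TimeGenerated is the event time.
| extend IngestionDelayMinutes = datetime_diff('minute', ingestion_time(), TimeGenerated)
| summarize
    Events = count(),
    MedianDelayMin = percentile(IngestionDelayMinutes, 50),
    P95DelayMin = percentile(IngestionDelayMinutes, 95),
    MaxDelayMin = max(IngestionDelayMinutes)
    by bin(TimeGenerated, 1h)
| order by TimeGenerated desc
```

If the 95th-percentile delay regularly exceeds the rule's lookback window, the rule's query runs before the matching events are queryable, and the delay described above comes from the data pipeline rather than from the rule configuration.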