Hi @Raymundo L ,
Summary
I understand that you are having issues receiving events from Microsoft Defender for Cloud apps in your syslog notifications.
Symptom and possible causes
This can happen if there are no security events to display, if there is some configuration missing, or if there is a connectivity issue.
If you have any health alerts or recommendations in your tenant, those may be causing a connectivity issue, and I recommend resolving those alerts before troubleshooting the syslog notifications. I have particularly seen this in cases where domain controllers needed to be restarted or needed increased RAM.
Troubleshooting steps
The best way to test this and isolate the issue is to perform a simulation of “Network-mapping reconnaissance (DNS)”, where you can verify if you receive an alert after following the steps in this article.
After the simulation test, you will be able to share if there is mismatch between events displayed in the portal and notifications.
I would also verify whether the test message is working in the Defender for Identity portal under settings > Notifications and Reports > Notifications and share a screenshot of which types of notifications you have chosen to send.
https://learn.microsoft.com/en-us/defender-for-identity/setting-syslog
If you are still having this issue and share the results of these tests, it will be easier to isolate the issue.