Share via

will Incidents syncing delay after we configure unified platform?

supriya nelluri 5 Reputation points
2024-12-09T14:26:46.0033333+00:00

Hello team,

We are planning to enable sentinel workspace in defender XDR portal to get the unified portal experience. I have question, will there be a delay between the syncing of incidents from defender to sentinel after this change? I have searched but didn't got the right information from Microsoft docs(some documents saying that there will be 10 mins delay but that is also not clearly said). If possible please provide the documentation as well.

Thank you.

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,195 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Givary-MSFT 34,521 Reputation points Microsoft Employee
    2024-12-16T05:32:47.2933333+00:00

    @supriya nelluri Thank you for reaching out to us, As I understand you wanted to know whether is any delay in M365 Defender incidents to appear in Sentinel.

    As per our documentation It can take up to 10 minutes from the time an incident is generated in Defender XDR to the time it appears in Microsoft Sentinel.

    User's image

    Let me know if have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.