Sentinel Central Workbook incorrectly counting incidents #10465
Labels
Workbook
Workbook specialty review needed
Comments
melatonein5 added a commit to melatonein5/Azure-Sentinel that referenced this issue May 10, 2024
Fixed issue Azure#10465 where incidents were not being counted correctly.
melatonein5 added a commit to melatonein5/Azure-Sentinel that referenced this issue May 10, 2024
ISSUE Azure#10465 Fix - Sentinel Central Workbook now counting incidents correctly
Hi @melatonein5, |
v-atulyadav added a commit that referenced this issue May 24, 2024
…lPatch Fixed ISSUE #10465 - Sentinel Central Workbook Patch
Describe the bug
When viewing the "Sentinel Central" workbook, all queries returning incident counts are returning incorrect numbers.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Both incident counts should match.
Additional context
Opening this bug to reference the issue in the changelog. Adding
| summarize arg_max(TimeGenerated, *) by IncidentName
to affected queries fixes the issue. This is because every time an incident is modified, it creates a new log entry, which is not being accounted for in these queries.
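
The effect described in this issue, shown side by side as an added example (not part of the original issue or the workbook's own queries). The `SampleIncidents` rows are constructed and only mimic the shape of the `SecurityIncident` table; the names `SampleIncidents`, `Raw`, `Latest`, `RawRows` and `LatestIncidents` are assumptions made for the illustration.

```kusto
// Constructed sample rows shaped like the SecurityIncident table: one row is
// written when an incident is created and another on every later modification.
let SampleIncidents = datatable(
    TimeGenerated: datetime, IncidentName: string, IncidentNumber: int,
    Status: string, Severity: string)
[
    datetime(2024-05-01 08:00:00), "inc-a", 101, "New",    "High",
    datetime(2024-05-01 09:30:00), "inc-a", 101, "Active", "High",
    datetime(2024-05-02 14:00:00), "inc-a", 101, "Closed", "High",
    datetime(2024-05-01 10:00:00), "inc-b", 102, "New",    "Medium",
    datetime(2024-05-03 11:15:00), "inc-b", 102, "Active", "Medium",
    datetime(2024-05-04 07:45:00), "inc-c", 103, "New",    "Low"
];
// Counting rows directly: every revision of an incident is counted, so an
// incident that moved New -> Active -> Closed shows up under all three statuses.
let Raw = SampleIncidents
    | summarize RawRows = count() by Status;
// Keep only the most recent row per incident first, then count.
let Latest = SampleIncidents
    | summarize arg_max(TimeGenerated, *) by IncidentName
    | summarize LatestIncidents = count() by Status;
// Put both counts next to each other per status.
Raw
| join kind=fullouter Latest on Status
| project Status = coalesce(Status, Status1),
          RawRows = coalesce(RawRows, 0),
          LatestIncidents = coalesce(LatestIncidents, 0)
| order by Status asc
```

Any time filter on a real query should be applied with the deduplication in mind: filtering on `Status` before `arg_max` selects stale revisions, so the status filter belongs after the `summarize arg_max(...)` step.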