Azure
Defender for Office connector creates streaming API without AlertInfo
Describe the bug
Using the native (codeless) Defender for Office in Sentinel creates a Defender for Office streaming API without AlertInfo. I believe this will make us miss important alerts.
To Reproduce
- Enable
Defender for OfficeDataconnector in Sentinel. - Got to https://security.microsoft.com/settings/mtp_settings/raw_data_export
- Notice
AlertInfonot being enabled.
Expected behavior AlertInfo enabled.
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Hi @hazcod thanks for your patience and understanding, we are discussing with the author of the connector regarding this issue, will update you shortly.
Hi @hazcod we are working with the concerned team, will update you once we hear back from them, thanks!
Hi @hazcod to use the Defender for Office streaming API with AlertInfo, please ensure that you have followed all steps mentioned in the documentation and that all pre requisites are met, please check the documentation here - Microsoft Defender for Office 365 connector for Microsoft Sentinel, thanks!
Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond on it in the next 2 days. If we don't receive response, we will be closing this issue as per our standard procedures, thanks!
Since we have not received a response in the last 5 days, we are closing your issue as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
If anyone else runs into this, make sure that under the Defender XDR data connector in Sentinel, "AlertInfo" is selected under "Microsoft Defender Alerts".
