Azure Sentinel Incident Trigger in Logic Apps Automation Delay
I have a logic app that uses the sentinel incident trigger. I'm noticing there is a delay of 5-8 minutes before the logic app actually triggers on all incidents.
Is there something i've set up wrong?
(Time displayed on the left is Melbourne Australia time +10)
Below is the automation trigger ive set up in Microsoft Sentinel. It's order position is 1.
Is this expected behavior? How do i debug this?
https://github.com/Azure/Azure-Sentinel/issues/9890
I see an answer here that says:
"The Creation time which you see after the Incident get generated it is Incident creation time in Defender, not the incident created into the sentinel. As mentioned into the MS doc, the sync having up to 10 min of delay. So once the Incident is fully created into the Sentinel, the automation rule will run without having any delay."
can someone confirm this.......
- LogicApp reading from Sharepoint subfolders
- How to write a Bicep API Connection formrecognizer with api key
- How to pass several Id to SQL filter Logic Add?
- Email errors from all activities in ADF at once
- Azure Logic Apps - Queries for telemetry 2.0 show no results
- Case sensitivity in file name and extension in managed File System Connector using Data Gateway
- Logic App - Configure to follow a 308 PermRedirect
- ExpressionEvaluationFailed. The execution of template action 'For_each' failed:
- Azure Logic Apps - Log Analytics - where can I find the output error message?
- How do you get a Key Vault secret using inline ‘CSharp Script Code’ In an Azure Workflow?
- Equivalent Connector for Create Block Blob in Azure Standard Logic App
- Workflow validation failed for the workflow 'shiptest'. {"error":{"code":"WorkflowTriggerTypeUnsupported",
- How can you remove the odata.etag when using the Get Entities action with an Azure Table?
- Graph Pagination in Logic Apps
- Logic App Standard: extension bundle doesn't support connecting to the storage account using Managed Service Identity
- Filter an array in Azure Logic Apps
- Logicapp designer in visual studio code becomes entangeled
- Azure Logic App - Update o365 profile image
- Extract Email from outlook using Logic app
- Updating azure Storage Account table through Logic Apps
- How to select data from a collection?
- Logic App AuthorizationFailure - vnet integration needed
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- Azure logic apps encode left bracket in json query param names to ~2. How can I rewrite with concat and/or replace functions?
- Azure Logic App Local Debugging - Getting DirectApiAuthorizationRequired Error
- How to handle null value in logic app condition module
- Add properties to an object in a variable in Azure Logic Apps
- Workflow Validation Failed Error: The function cannot be called from a logic app. It must not have a custom route
- In an AZURE Function how to throw an error to be caught in the Azure Logic AP
- Cannot get AAD auth token in Logic Apps