M365 Defender Logs integration - duplicated alerts from Defender for Endpoint


The M365 Defender Logs integration is spamming duplicated Microsoft Defender for Endpoint alerts. It retrieves the same alerts every 5 minutes, even when the alerts and incidents are already marked as resolved in the Defender for Endpoint console. It has been happening all the time since I enabled the integration around one week ago, and I am flooded with these alerts. Please take a look at the attached screenshot as an example of the described behavior.

Is there any chance to suppress it and not receive these alerts all the time? It looks like a typical bug in the integration. Duplication doesn't happen with (for example) Defender alerts about an email reported by a user or a malware file uploaded to OneDrive/SharePoint. It happens only for Defender for Endpoint alerts.
