🔥 3-day streak
Microsoft Security Operations Analyst176 / 190
Question 176 of 190

You are creating a scheduled analytics rule in Microsoft Sentinel to detect brute-force sign-in attempts. You configure the rule to run every 1 hour with a lookup (query) period of 15 minutes. After deployment, the SOC reports that some brute-force bursts are not generating alerts even though the raw data is present in the workspace. What is the most likely cause and the correct remediation?

Reviewed for accuracy · Report an issueNext question