Hello,
we are struggling to integrate Azure Sentinel with QRoC over the Universal Cloud REST API connector workflow described here: https://www.ibm.com/docs/en/uax?topic=ucradspms-universal-cloud-rest-api-connector-workflow-microsoft-sentinel. Integration at the network level works properly. However, we are facing problems once the workflow is invoked and tries to fetch Sentinel incidents. They are fetched, but with a big delay, and not all of them are always pulled.
I did several tests with the Postman/cURL utilities, and when I query the Azure Sentinel API, all incidents are pulled. The same with the QRoC 'TEST' feature during deployment.
We think that the problem is with the KQL query used in the workflow. We also asked MS for support, but no luck.
Has anybody dealt with this kind of issue? Does anybody have a properly working workflow?
Thank you for any hints/tips/tricks...