Unclear limit on max Incidents per Workspace per day

[camalloy]

I'm seeing a warning message about hitting a limit, however, I can't tell what limit I'm hitting based on this documentation.

Here is the warning from Sentinel:

"Notice: your workspace has generated too many incidents in the last day. If it continues at this rate, you might be unable to create or modify incidents in the future. Please turn off or adjust any rule that might be creating too many incidents."

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: fc50e485-e943-d5dd-180f-68ddd8326811
• Version Independent ID: 856810e4-c13f-97f8-6d19-33c58041a871
• Content: Microsoft Sentinel service limits
• Content Source: articles/sentinel/sentinel-service-limits.md
• Service: microsoft-sentinel
• GitHub Login: @yelevin
• Microsoft Alias: yelevin

[PesalaPavan]

@camalloy Thanks for your feedback! We will investigate and update as appropriate.

[SaibabaBalapur-MSFT]

@camalloy According to the Microsoft Sentinel service limits documentation, there is no specific limit on the maximum number of incidents per workspace per day. However, there are some general limits that apply to incidents, such as the maximum number of incidents that can be displayed concurrently in the Incidents page (100), and the maximum number of incidents that can be exported to a CSV file (10,000). Additionally, there are limits on the number of incidents that can be created or updated by various features, such as analytics rules and playbooks.

Thanks for your contribution. Please add your feedback in below link, so our production team can review it and update the same. Ideas · Community (azure.com)