Added daily new incident limit

yelevin · web-flow · commit ac9ccbbfcfc2 · 2024-05-27T12:58:38.000+03:00
diff --git a/articles/sentinel/includes/sentinel-limits-incidents.md b/articles/sentinel/includes/sentinel-limits-incidents.md
@@ -25,3 +25,8 @@ The following limits apply to incidents in Microsoft Sentinel.
 | Number of comments per incident   | 100 comments  | None |
 | Number of tasks  | 100 tasks | None |
 | Number of incidents returned by API to *list* request | 1000 incidents maximum | None |
+| Number of incidents per day (per workspace) | see below | Database capacity |
+
+**Number of incidents per day:** There isn't a formal, hard limit on the number of incidents that can be created per day. A workspace's actual capacity for incidents depends on the storage capacity of the incident database, so the size of the incidents is as much a factor as their number.
+
+However, a SOC that experiences the creation of more than *around* 3000 new incidents per day will in all likelihood find itself unable to keep up, and the database capacity will quickly be reached. In this situation, the SOC needs to focus on improving detection, triage, and automation, to get the count of daily new incidents to manageable levels.
