1,083 questions with Microsoft Sentinel tags

1 answer (accepted by the question author)

Issue with Sentinel Entra ID Connector

Hello, We have a Log Analytics Workspace that was moved to a different Azure subscription. One of the connectors that is configured is for Entra ID. I'm able to confirm that we're receiving Entra ID logs, but we've found an issue when trying to access…

Tags: Microsoft Sentinel (1,083 questions): A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
asked 2024-08-16T00:35:59.58+00:00
Richard Long 341 Reputation points
commented 2024-08-16T14:57:30.8566667+00:00
Richard Long 341 Reputation points
1 answer

Incorrect data in the Usage table

Hi folks, A few days ago I noticed an odd behavior in multiple environments. In these Sentinel instances we don't have any logs in the AzureDiagnostics table. But when I query the Usage table it shows some data for the AzureDiagnostics DataType. So,…

Tags: Microsoft Sentinel
asked 2024-08-13T09:11:05.1833333+00:00
Sándor Tőkési 181 Reputation points
edited a comment 2024-08-16T06:45:11.2+00:00
Harini Arulazhagan 0 Reputation points Microsoft Vendor
0 answers

How to connect the Microsoft Defender XDR event logs using the API?

I'm currently working on automating the deployment of a Microsoft Sentinel workspace using PowerShell scripts. So far, I have successfully used the Microsoft.SecurityInsights API to install solutions and enable analytic rules. Now, I am looking to…

Tags: Azure API Management (2,019 questions): An Azure service that provides a hybrid, multi-cloud management platform for APIs. Microsoft Sentinel
asked 2024-08-12T14:42:15.0433333+00:00
Robbe Willeme 0 Reputation points
0 answers

How to connect the Microsoft Defender XDR event logs using the API?

I'm currently working on a project to fully automate the deployment of a Microsoft Sentinel workspace. I already developed a working PowerShell script that uses the Microsoft.SecurityInsights API to install solutions from the content hub and enable the…

Tags: Microsoft Sentinel
asked 2024-08-12T14:32:30.4133333+00:00
Robbe Willeme 0 Reputation points
commented 2024-08-13T07:58:23.62+00:00
Givary-MSFT 31,451 Reputation points Microsoft Employee
0 answers

How to connect the Microsoft Defender XDR event logs using the API?

I'm currently working on a project to fully automate the deployment of a Microsoft Sentinel workspace. I already developed a working PowerShell script that uses the Microsoft.SecurityInsights API to install solutions from the content hub and enable the…

Tags: Microsoft Sentinel
asked 2024-08-12T14:28:02.2866667+00:00
Robbe Willeme 0 Reputation points
commented 2024-08-13T07:56:18.2433333+00:00
Givary-MSFT 31,451 Reputation points Microsoft Employee
0 answers

How to connect the Microsoft Defender XDR event logs using the API?

I'm currently working on a project to fully automate the deployment of a Microsoft Sentinel workspace. I already developed a working PowerShell script that uses the Microsoft.SecurityInsights API to install solutions from the content hub and enable the…

Tags: Azure API Management, Microsoft Sentinel
asked 2024-08-12T14:22:49.1466667+00:00
Robbe Willeme 0 Reputation points
0 answers

How to connect the Microsoft Defender XDR event logs using the API?

I'm currently working on a project to fully automate the deployment of a Microsoft Sentinel workspace. I already developed a working PowerShell script that uses the Microsoft.SecurityInsights API to install solutions from the content hub and enable the…

Tags: Azure API Management, Microsoft Sentinel
asked 2024-08-12T14:19:27.4333333+00:00
Robbe Willeme 0 Reputation points
1 answer (accepted by the question author)

Anyone managed to get IoCs ( threat indicators ) from Sentinel to Defender for endpoint

Currently I have some scripts running on a cron job that import IoCs to defender for endpoint indicator list ( this allows blocking on the endpoints) . We have recently setup a Sentinel instance and it’s pretty easy to add threat intel to Sentinel via a…

Tags: Microsoft Sentinel. Microsoft Defender for Endpoint Training (34 questions): Microsoft Defender for Endpoint: A Microsoft unified security platform for preventative protection, postbreach detection, and automated investigation and response. Previously known as Microsoft Defender Advanced Threat Protection. Training: Instruction to develop new skills.
asked 2024-08-12T07:21:48.0933333+00:00
Nicholas Giannoulis 20 Reputation points
accepted 2024-08-14T06:31:26.0333333+00:00
Nicholas Giannoulis 20 Reputation points
1 answer

SecurityEvent Table Transformation DCR not working

I'm having an issue with ingestion onto a Workspace that is connected to Microsoft Sentinel. I have created a Transformation DCR / Ingestion Time Filter on the SecurityEvents table, but am still seeing events in the logs that should have been filtered…

Tags: Microsoft Sentinel
asked 2024-08-09T18:36:16.23+00:00
Greg Sneed 20 Reputation points
commented 2024-08-15T20:27:02.3033333+00:00
Greg Sneed 20 Reputation points
0 answers

'Microsoft Community v2' in the SigninLogs Table

Hi all, Would anyone be able to explain what 'Microsoft Community v2' is under the AppDisplayName within the SigninLogs table in Sentinel? Does anyone know what this is used for and why it would be triggering failed sign-in attempts for users? Thanks,

Tags: Microsoft Sentinel
asked 2024-08-09T12:46:42.1166667+00:00
Steven Henwood 0 Reputation points
edited a comment 2024-08-09T14:18:51.3033333+00:00
Andrew Blumhardt 9,856 Reputation points Microsoft Employee
0 answers

Jumpcloud connector not in sentinel

How can we connect it with Sentinel? I tried solutions available on GitHub, but it seems to be having an issue: The Function app may be missing a module containing the 'New-AzStorageContext' command definition. If this command belongs to a module…

Tags: Microsoft Sentinel
asked 2024-08-08T10:36:36.6566667+00:00
Rahul Gupta 0 Reputation points
commented 2024-08-12T09:59:43.3433333+00:00
Givary-MSFT 31,451 Reputation points Microsoft Employee
0 answers

AMA Validation failed - Syslog daemon configuration failed

Hi, I installed AMA via Azure Arc. After running validation for the installation, it failed on Verifying Syslog daemon forwarding Configuration. The agent doesn't connect to the Log Analytics workspace. I tried re-installing; it doesn't work.

Tags: Azure Monitor (3,128 questions): An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments. Microsoft Sentinel
asked 2024-08-08T09:21:15.6966667+00:00
Vimal Kumar A R 20 Reputation points
1 answer

integrating Snowflake with Microsoft Sentinel

I need to integrate Snowflake with Microsoft Sentinel. What grants does the role need for this integration?

Tags: Microsoft Sentinel
asked 2024-08-07T14:08:46.7+00:00
Ali Salem Panah 0 Reputation points
answered 2024-08-12T08:50:42.5633333+00:00
Sandeep G-MSFT 17,316 Reputation points Microsoft Employee
1 answer (accepted by the question author)

How to parse CSV data in Data Collection Rule?

Hello, I can parse CSV data with this KQL in LAW: parse_csv(RawData) However, when I use it in the Transform section of the Data Collection Rule, I get the following error: Update Error - Error occurred while compiling query in query:…

Tags: Azure (1,132 questions): A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters. Microsoft Sentinel
asked 2024-08-06T23:24:13.02+00:00
Yusuf KUYRUKÇU 20 Reputation points
accepted 2024-08-08T05:50:55.8466667+00:00
Yusuf KUYRUKÇU 20 Reputation points
1 answer

AWS S3 bucket logs not ingesting to Microsoft Sentinel

I have configured the AWS S3 data connector in Microsoft Sentinel. Ref: https://learn.microsoft.com/en-us/azure/sentinel/connect-aws?tabs=s3. I have created a S3 bucket and Simple queue service as documented on the connector page. Furthermore, I have…

Tags: Microsoft Sentinel
asked 2024-08-06T11:51:09.73+00:00
Deep Thakkar 10 Reputation points
edited an answer 2024-08-09T23:28:39.9533333+00:00
Marilee Turscak-MSFT 36,786 Reputation points Microsoft Employee
2 answers

Tenable Nessus Data Connector Not working on Microsoft Sentinel

Hello, good day. I deployed the Tenable Nessus Data connector to Sentinel using the ARM Template. I have gone over this setup several times without fail. All my settings are right. I can even see the Function App and other dependent components. Everything…

Tags: Microsoft Sentinel
asked 2024-08-05T11:25:30.8266667+00:00
Evidence Monday 0 Reputation points
answered 2024-08-08T22:24:34.21+00:00
Marilee Turscak-MSFT 36,786 Reputation points Microsoft Employee
2 answers

Mapping AWS CloudTrail log schema to Sentinel table columns

Is there a predefined mapping between the AWS CloudTrail log schema and the Sentinel table columns? Specifically, can you provide the schema mapping via the AWS S3 data connector?

Tags: Azure Monitor, Microsoft Sentinel
asked 2024-07-30T14:19:43.6033333+00:00
LilianneChoy-1157 6 Reputation points
answered 2024-08-15T16:18:23.6533333+00:00
LilianneChoy-1157 6 Reputation points
1 answer

A logic app Get-VirusTotalIPReport is not working

I am trying to automate IP enrichment using the Virus Total API. I have set up a logic app and tied it to a respective analytical rule but I am getting the following error. This is a test instance and we have only few resources running on it.

Tags: Azure Logic Apps (3,038 questions): An Azure service that automates the access and use of data across clouds without writing code. Azure Automation (1,213 questions): An Azure service that is used to automate, configure, and install updates across hybrid environments. Microsoft Sentinel
asked 2024-07-30T11:07:58.4133333+00:00
Bhupender Singh 0 Reputation points
answered 2024-07-30T11:33:30.39+00:00
Sedat SALMAN 13,585 Reputation points
1 answer

Add Microsoft Sentinel to Log Analytics Workspace using Ansible

I am trying to create a Log Analytics Workspace with Microsoft Sentinel using Ansible following this module: https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_loganalyticsworkspace_module.html - name: Create a workspace…

Tags: Microsoft Sentinel
asked 2024-07-25T19:02:15.28+00:00
Ravalia Krutika Harishbhai 40 Reputation points
edited an answer 2024-07-29T12:28:00.28+00:00
Andrew Blumhardt 9,856 Reputation points Microsoft Employee
0 answers

PostgreSQL DB logs

I am trying to connect PostgreSQL DB Events to Microsoft Sentinel using the PostgreSQL Events built in data connector. All the configurations are done properly, heartbeat is there from the machine where this PostgreSQL is installed, but no logs. We are…

Tags: Microsoft Sentinel. Microsoft Entra ID (20,930 questions): A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
asked 2024-07-25T05:14:21.27+00:00
Praveen Ayyasamy 40 Reputation points
edited the question 2024-08-06T03:36:12.6933333+00:00
Givary-MSFT 31,451 Reputation points Microsoft Employee