How to add a function app for azure workbook and sentinel solution
Hi, I am working on contributing to an azure sentinel solution in github, My solution contains data connector and workbooks. Now, I want to add a workbook that talks to a custom endpoint. In this case, the custom endpoint is a function app http…
The query behind the Sentinel Open | New | Active incident widget
Hi, We are trying to figure out what query produces the following numbers in Sentinel We've been trying to produce the same numbers using the SecurityIncident and SecurityAlert table, but the number of incidents are much less than showed here. I'm…
30 day challenge for security operations analyst cert module numbers inconsistent
I am doing the 30 day challenge for sc-200 Security Operations Analyst. I have done the 53 modules stated in the challenge, however, my status says 53 of 54 modules completed. I have no info how to get to the 54th module if it exists! URL:…
Error Whille setting up SMTP Email V3 connection
Hi Team, I am configuring SMTP connection and getting below error Failed to create connection: { "error": { "code": 502, "source": "logic-apis-easteurope.azure-apim.net", "clientRequestId": "",…
How to audit the creator of an Enterprise Application in Azure
Hy I'm trying to get the creator of an "Enterprise Application", as soon as someone is creating one by query below. AuditLogs | where Category =~ "ApplicationManagement" | where OperationName =~ "Add application" | mv-expand…
Retention and archiving cost of non-billable tables
Hey folks I see MS updated this page a few months ago: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-3%2Cportal-1%2Cportal-2#pricing-model This part has been added to the documentation: "Log data…
Missing permission 'Microsoft.OperationsManagement/register/action' on scope '/subscriptions/8c507d2e-37ef-4ae1-864f-fd05f45b3cdb' is required to add Microsoft Sentinel to the selected workspace
Hi I'm facing problem when I tried to subscribe to Microsoft Sentinel. When I tried to add Microsoft Sentinel to my desire workspace , this notification pops up. I do have the Owner and Security Administrator permission. Can someone please enlighten me…
How to optimize amount of data sent via LogsIngestionClient.upload operation
Hi, I am using logs ingestion client in python to upload data. My usecase is to read messages off of aws sqs and build payloads that can be sent via LogsIngestionClient client. I built a simple timer trigger function app that reads aws sqs for new…
How are github links created/referenced in function app
I am finding it difficult to understand how are these links generated. https://aka.ms/sentinel-ApigeeXDataConnector-azuredeploy https://aka.ms/sentinel-ApigeeXDataConnector-functionapp I am building a similar function app json for my solution, and I…
Can I create a playbook in Microsoft Sentinel that is able to disable a compromised hybrid user account whose authentication authority is an on-premises Active Directory Domain controller?
I would like to create a playbook that disables a compromised account. The account is synchronised from an on-premises Active Directory Domain Controller. Synchronisation to Microsoft Entra ID is through Microsoft Entra Connect Sync. Password hash…
KQL validation is failing locally
I ran dotnet test as per https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally [xUnit.net 00:00:00.41] Exception discovering tests from Kqlvalidations.Tests: System.BadImageFormatException: Could not load file or assembly…
Sentinel Smart Deployment cannot push csv file to Azure DevOps
When I deploy content to sentinel using Azure DevOps, the content deploys successfully but when smart deployment enabled, it cannot push csv tracking file to Azure Repo with error [Warning] API call failed:…
Is there any oracle logs parser for azure sentinel we are not using oracle unified agent
Is there any oracle logs parser for azure sentinel we are not using oracle unified agent
Threat Intelligence Sharing
Hi all, Is it possible to use threat intelligence from a third party solution with Microsoft sentinel? And if possible, how would you connect them? Custom connectors? regard,
Closure Comments getting wiped out from Sentinel Incidents
Hi, We have observed that closure comments updated on sentinel incidents are getting wiped out after some time. This issue is observed for some of the alerts detected by Microsoft Defender. Only the closure classification remain in the incident activity…
This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix.
Applied skills Name: Deploy containers by using Azure Kubernetes Service Issue: This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix.
Azure Active Directory data connector missing
Hello all, Something that I've done on the regular has stopped working. Before reaching out to support, wondering if settings have just moved somewhere.. Basically trying to add the Azure Active Directory data connector to a Sentinel instance. Usually…
This offer is not available for subscriptions from Microsoft Azure Cloud Solution Providers
Hello There, In the latest sentinel news, a new solution has appeared, which is in preview, I would like to ask a question regarding the deployment of this solution, in sentinel there is a new option below the Content Management called Content Hub, and…
azure sentinel for aws log
I'm having issues importing AWS logs into Azure Sentinel. There are no issues importing data using data connectors, but I want to manually import tables that are not supported by data connectors in JSON format. I tried using Custom Log Data Collection…
Analytic Rule -Which time prevails, Lookup data from the last or set in query?
I have a question regarding the search times when configuring a new alert and I don't know which time predominates, the one that is put in the query or the one that is set at the level of the alert configuration. Let's take the following query as an…