Testing Microsoft Defender XDR with Azure Sentinel in a CDX-like Environment
I'm looking to try out Microsoft Defender XDR with Azure Sentinel, but my current setup—a CDX tenant under an E5 subscription—doesn't have an active Azure subscription. Any suggestions for workarounds or similar environments where I can test Microsoft…
Sentinel Kusto Query todatetime function does not work with dynamic values.
I have a kusto query to calculate MTTR by client. When an incident is resolved, an analyst comments the resolution time in the format R: time where time is when the incident was resolved and R is to make the comment unique. Example R: Friday, May 10,…
Sentinel bicep deployment : InvalidParameter - Solution product cannot start with 'OMSGallery/' as it is reserved for Microsoft first party solutions.
Hello, i am learning how to script and i wish to deploy Sentinel with bicep. I have created a script from Microsoft templates and have added variables as well as a jsonc parameters file. I use VSC with the bicep extension in order to "easily"…
How are github links created/referenced in function app
I am finding it difficult to understand how are these links generated. https://aka.ms/sentinel-ApigeeXDataConnector-azuredeploy https://aka.ms/sentinel-ApigeeXDataConnector-functionapp I am building a similar function app json for my solution, and I…
Inquiry Regarding Multiple 4624 Event ID Logs for Single User Login
Hello Team, I am reaching out to inquire about a matter related to our Windows Security logs. Specifically, we have observed multiple instances of Event ID 4624 being logged for a single user login event in the Security Events table. As part of our…
Respond to incidents across multiple tenants deploying Defender XDR from One Centralized Ms Sentinel
Hello, I have a customer having 3 tenant A,B and C. Tenant A and C each are using Microsoft Defender XDR. MS Sentinel is configured on Tenant B. He want to centralize all events and logs on Sentinel and want to configure responses if any incident is…
How to add a function app for azure workbook and sentinel solution
Hi, I am working on contributing to an azure sentinel solution in github, My solution contains data connector and workbooks. Now, I want to add a workbook that talks to a custom endpoint. In this case, the custom endpoint is a function app http…
KQL validation is failing locally
I ran dotnet test as per https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally [xUnit.net 00:00:00.41] Exception discovering tests from Kqlvalidations.Tests: System.BadImageFormatException: Could not load file or assembly…
Failed to save analytics rule query.
I can create any active analytics rule query in Microsoft Sentinel. While trying to create a new one a error occurs: "Failed to save the analytics rule query. Log Analytics workspace 'xxx' could not be found." It started when the previous…
Can I create a playbook in Microsoft Sentinel that is able to disable a compromised hybrid user account whose authentication authority is an on-premises Active Directory Domain controller?
I would like to create a playbook that disables a compromised account. The account is synchronised from an on-premises Active Directory Domain Controller. Synchronisation to Microsoft Entra ID is through Microsoft Entra Connect Sync. Password hash…
30 day challenge for security operations analyst cert module numbers inconsistent
I am doing the 30 day challenge for sc-200 Security Operations Analyst. I have done the 53 modules stated in the challenge, however, my status says 53 of 54 modules completed. I have no info how to get to the 54th module if it exists! URL:…
Error Whille setting up SMTP Email V3 connection
Hi Team, I am configuring SMTP connection and getting below error Failed to create connection: { "error": { "code": 502, "source": "logic-apis-easteurope.azure-apim.net", "clientRequestId": "",…
Missing permission 'Microsoft.OperationsManagement/register/action' on scope '/subscriptions/8c507d2e-37ef-4ae1-864f-fd05f45b3cdb' is required to add Microsoft Sentinel to the selected workspace
Hi I'm facing problem when I tried to subscribe to Microsoft Sentinel. When I tried to add Microsoft Sentinel to my desire workspace , this notification pops up. I do have the Owner and Security Administrator permission. Can someone please enlighten me…
This offer is not available for subscriptions from Microsoft Azure Cloud Solution Providers
Hello There, In the latest sentinel news, a new solution has appeared, which is in preview, I would like to ask a question regarding the deployment of this solution, in sentinel there is a new option below the Content Management called Content Hub, and…
Unable to take Applied Skills Assessments
This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix. - Configure SIEM security operations using Microsoft Sentinel
The Address you provided is invalid, please provide a valid address and try again!!!
Hi, While I was trying to schedule the SC-200 Exam, I got the error message that the billing address isn't valid. How can I fix this issue. Thanks! Best Regards, Jasmina Jakob
Azure Activity - data connector prerequisites
Hi all, When trying to enable the azure Acitvity connector in sentinal it says: I am am owner of the subscription already?
Mismatch in amount of data received in logs analytics workspace and DCR metrics
I have defined a data collection rule and am using logs ingestion api to send data to 2 custom tables. I have defined diagnostic settings for the DCR such that error logs are sent to logs analytics workspace. For about an hour, I have events ingested…
Azure Workbook merge query visualization
I have created an Azure Workbook with a merge query that combines two table sources. This produces a nice table of resources (in this case, a list of VM's). Now all I want to do is somehow summarize this merged table and get the total number of VM's…
How can I integrate GuardDuty findings with Microsoft Sentinel?
GuardDuty - Sentinel Integration