339 questions with Microsoft Sentinel tags

1 answer One of the answers was accepted by the question author.

Testing Microsoft Defender XDR with Azure Sentinel in a CDX-like Environment

I'm looking to try out Microsoft Defender XDR with Azure Sentinel, but my current setup—a CDX tenant under an E5 subscription—doesn't have an active Azure subscription. Any suggestions for workarounds or similar environments where I can test Microsoft…

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
999 questions
asked 2024-05-14T06:07:28.7433333+00:00
Avishka Bandarathilaka 20 Reputation points
commented 2024-05-17T10:03:46.94+00:00
Avishka Bandarathilaka 20 Reputation points
1 answer One of the answers was accepted by the question author.

Sentinel Kusto Query todatetime function does not work with dynamic values.

I have a kusto query to calculate MTTR by client. When an incident is resolved, an analyst comments the resolution time in the format R: time where time is when the incident was resolved and R is to make the comment unique. Example R: Friday, May 10,…

Microsoft Sentinel
asked 2024-05-10T11:24:54.8433333+00:00
Julius Ekane 20 Reputation points
accepted 2024-05-14T12:38:04.1866667+00:00
Julius Ekane 20 Reputation points
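An added example of the MTTR calculation described in this question; it is not code from the question or its accepted answer. It assumes the Microsoft Sentinel SecurityIncident table, in which Comments is a dynamic array of objects with a message field, that resolution comments have the form "R: <timestamp>", and that each client has its own workspace (the workspace names and client labels below are placeholders). The point it makes is that a value pulled out of a dynamic column must go through tostring() before todatetime(), and that todatetime() returns null, not an error, for text it cannot parse, so the unparsed rows are counted rather than silently dropped:

```kql
// Added example: MTTR per client from "R: <timestamp>" resolution comments.
// Assumptions: SecurityIncident schema (Comments = dynamic array of {message, author, ...}),
// one workspace per client, placeholder workspace names and client labels.
union
    (workspace("client-a-workspace").SecurityIncident | extend Client = "Client A"),
    (workspace("client-b-workspace").SecurityIncident | extend Client = "Client B")
| where Status == "Closed"
| summarize arg_max(TimeGenerated, *) by Client, IncidentNumber   // latest record per incident
| mv-expand Comment = Comments
| extend CommentText = tostring(Comment.message)                   // dynamic -> string before parsing
| where CommentText startswith "R:"
| extend ResolvedText = trim(@"\s+", substring(CommentText, 2))    // text after the "R:" marker
| extend ResolvedTime = todatetime(ResolvedText)                   // null when the text is not a recognised datetime format
| summarize Unparsed  = countif(isnull(ResolvedTime)),             // comments todatetime() rejected
            MTTR      = avg(ResolvedTime - CreatedTime),           // null ResolvedTime rows are ignored by avg()
            Incidents = dcount(IncidentNumber)
    by Client
```

If Unparsed is non-zero for a client, the analysts' free-text timestamps are in a format todatetime() does not recognise; inspect those CommentText values and convert them with extract() or parse before calling todatetime(), rather than relaxing the filter.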
1 answer One of the answers was accepted by the question author.

Sentinel bicep deployment : InvalidParameter - Solution product cannot start with 'OMSGallery/' as it is reserved for Microsoft first party solutions.

Hello, i am learning how to script and i wish to deploy Sentinel with bicep. I have created a script from Microsoft templates and have added variables as well as a jsonc parameters file. I use VSC with the bicep extension in order to "easily"…

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,858 questions
Microsoft Sentinel
asked 2023-01-17T16:00:00.0266667+00:00
Dunvael LE ROUX 40 Reputation points
commented 2024-05-14T05:58:23.0133333+00:00
Stanislav Zhelyazkov 21,506 Reputation points MVP
1 answer One of the answers was accepted by the question author.

How are github links created/referenced in function app

I am finding it difficult to understand how are these links generated. https://aka.ms/sentinel-ApigeeXDataConnector-azuredeploy https://aka.ms/sentinel-ApigeeXDataConnector-functionapp I am building a similar function app json for my solution, and I…

Microsoft Sentinel
asked 2024-04-27T00:50:47.2866667+00:00
Ashwin Venkatesha 165 Reputation points
accepted 2024-05-09T04:49:56.79+00:00
Ashwin Venkatesha 165 Reputation points
1 answer One of the answers was accepted by the question author.

Inquiry Regarding Multiple 4624 Event ID Logs for Single User Login

Hello Team, I am reaching out to inquire about a matter related to our Windows Security logs. Specifically, we have observed multiple instances of Event ID 4624 being logged for a single user login event in the Security Events table. As part of our…

Active Directory
A set of directory-based technologies included in Windows Server.
5,974 questions
Microsoft Sentinel
asked 2024-05-01T18:05:09.7033333+00:00
Srisaiteja Palle 20 Reputation points
accepted 2024-05-08T16:56:42.5566667+00:00
Srisaiteja Palle 20 Reputation points
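An added example for the question above; it is not code from the question or its accepted answer. It assumes the Sentinel SecurityEvent table with the 4624 fields TargetLogonId, TargetLinkedLogonId, LogonType and IpAddress populated. A single sign-in legitimately writes more than one 4624: a UAC split-token logon creates two sessions linked through TargetLinkedLogonId, and an unlock (type 7), cached (11) or network (3) logon by the same account within the same minute is a separate session. The query keys on the logon session rather than the user so that genuine extra sessions can be told apart from the same event ingested twice:

```kql
// Added example: explain repeated 4624 events for one account by logon session.
// Assumption: SecurityEvent populated by the Windows Security Events connector.
SecurityEvent
| where EventID == 4624
| where TargetUserName !endswith "$"                                 // drop machine accounts
| where TargetUserName !in ("SYSTEM", "ANONYMOUS LOGON")
| extend LogonTypeName = case(
    LogonType == 2,  "Interactive",
    LogonType == 3,  "Network",
    LogonType == 5,  "Service",
    LogonType == 7,  "Unlock",
    LogonType == 9,  "NewCredentials",
    LogonType == 10, "RemoteInteractive",
    LogonType == 11, "CachedInteractive",
    strcat("Other-", tostring(LogonType)))
| summarize Events         = count(),
            Sessions       = dcount(TargetLogonId),                  // distinct logon sessions
            LogonTypes     = make_set(LogonTypeName),
            LinkedSessions = make_set(TargetLinkedLogonId),          // "0x0" when no split-token link
            Sources        = make_set(IpAddress)
    by Computer, TargetDomainName, TargetUserName, bin(TimeGenerated, 1m)
| where Events > 1
| order by TimeGenerated desc
```

Read the result as follows: Events equal to Sessions with several LogonTypes is normal Windows behaviour (one session per logon type, plus the split-token pair), whereas Events greater than Sessions means the same TargetLogonId was ingested more than once, which points at duplicate collection (for example two agents or two data collection rules forwarding the same log) rather than at the user.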
1 answer One of the answers was accepted by the question author.

Respond to incidents across multiple tenants deploying Defender XDR from One Centralized Ms Sentinel

Hello, I have a customer having 3 tenants A, B and C. Tenants A and C are each using Microsoft Defender XDR. MS Sentinel is configured on Tenant B. He wants to centralize all events and logs on Sentinel and wants to configure responses if any incident is…

Microsoft Sentinel
asked 2024-05-02T13:05:38.2+00:00
Farah MHAMDI 20 Reputation points
commented 2024-05-08T14:54:53.59+00:00
Farah MHAMDI 20 Reputation points
1 answer One of the answers was accepted by the question author.

How to add a function app for azure workbook and sentinel solution

Hi, I am working on contributing to an azure sentinel solution in github, My solution contains data connector and workbooks. Now, I want to add a workbook that talks to a custom endpoint. In this case, the custom endpoint is a function app http…

Microsoft Sentinel
asked 2024-04-30T07:54:16.0666667+00:00
Ashwin Venkatesha 165 Reputation points
accepted 2024-05-07T22:24:11.4133333+00:00
Ashwin Venkatesha 165 Reputation points
1 answer One of the answers was accepted by the question author.

KQL validation is failing locally

I ran dotnet test as per https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally [xUnit.net 00:00:00.41] Exception discovering tests from Kqlvalidations.Tests: System.BadImageFormatException: Could not load file or assembly…

Microsoft Sentinel
asked 2024-04-26T06:17:29.5366667+00:00
Ashwin Venkatesha 165 Reputation points
accepted 2024-05-07T22:01:16.9833333+00:00
Ashwin Venkatesha 165 Reputation points
1 answer One of the answers was accepted by the question author.

Failed to save analytics rule query.

I can create any active analytics rule query in Microsoft Sentinel. While trying to create a new one an error occurs: "Failed to save the analytics rule query. Log Analytics workspace 'xxx' could not be found." It started when the previous…

Microsoft Sentinel
asked 2024-05-03T04:18:08.0833333+00:00
3PI 20 Reputation points
accepted 2024-05-07T16:05:25.52+00:00
3PI 20 Reputation points
1 answer One of the answers was accepted by the question author.

Can I create a playbook in Microsoft Sentinel that is able to disable a compromised hybrid user account whose authentication authority is an on-premises Active Directory Domain controller?

I would like to create a playbook that disables a compromised account. The account is synchronised from an on-premises Active Directory Domain Controller. Synchronisation to Microsoft Entra ID is through Microsoft Entra Connect Sync. Password hash…

Microsoft Sentinel
asked 2024-04-27T10:12:42.72+00:00
Anthony K. Simukonda 20 Reputation points
accepted 2024-05-05T09:34:01.37+00:00
Anthony K. Simukonda 20 Reputation points
1 answer One of the answers was accepted by the question author.

30 day challenge for security operations analyst cert module numbers inconsistent

I am doing the 30 day challenge for sc-200 Security Operations Analyst. I have done the 53 modules stated in the challenge, however, my status says 53 of 54 modules completed. I have no info how to get to the 54th module if it exists! URL:…

Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,932 questions
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
960 questions
Microsoft Sentinel
Microsoft Defender for Endpoint Training
Microsoft Defender for Endpoint: A Microsoft unified security platform for preventative protection, postbreach detection, and automated investigation and response. Previously known as Microsoft Defender Advanced Threat Protection. Training: Instruction to develop new skills.
18 questions
asked 2024-04-22T15:11:45.55+00:00
Jose Niguidula Enriquez 25 Reputation points
commented 2024-05-03T13:19:58.8166667+00:00
Jose Niguidula Enriquez 25 Reputation points
1 answer One of the answers was accepted by the question author.

Error While setting up SMTP Email V3 connection

Hi Team, I am configuring SMTP connection and getting below error Failed to create connection: { "error": { "code": 502, "source": "logic-apis-easteurope.azure-apim.net", "clientRequestId": "",…

Microsoft Sentinel
asked 2024-04-05T11:33:16.4333333+00:00
Disha Bodade 65 Reputation points
accepted 2024-04-30T05:59:05.1333333+00:00
Disha Bodade 65 Reputation points
1 answer One of the answers was accepted by the question author.

Missing permission 'Microsoft.OperationsManagement/register/action' on scope '/subscriptions/8c507d2e-37ef-4ae1-864f-fd05f45b3cdb' is required to add Microsoft Sentinel to the selected workspace

Hi, I'm facing a problem when I tried to subscribe to Microsoft Sentinel. When I tried to add Microsoft Sentinel to my desired workspace, this notification pops up. I do have the Owner and Security Administrator permission. Can someone please enlighten me…

Microsoft Sentinel
asked 2023-03-16T09:02:09.1466667+00:00
Muhammad Zariq Razali 20 Reputation points
commented 2024-04-29T15:31:47.4366667+00:00
John Munro 0 Reputation points
1 answer One of the answers was accepted by the question author.

This offer is not available for subscriptions from Microsoft Azure Cloud Solution Providers

Hello There, In the latest sentinel news, a new solution has appeared, which is in preview, I would like to ask a question regarding the deployment of this solution, in sentinel there is a new option below the Content Management called Content Hub, and…

Microsoft Sentinel
asked 2021-11-11T15:36:23.22+00:00
Daniel Candela 21 Reputation points
commented 2024-04-18T01:29:23.1066667+00:00
Matthew McKenzie 0 Reputation points
1 answer One of the answers was accepted by the question author.

Unable to take Applied Skills Assessments

This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix. - Configure SIEM security operations using Microsoft Sentinel

Microsoft Sentinel
asked 2024-03-24T05:29:15.59+00:00
Rath, Sibananda 25 Reputation points
commented 2024-04-15T17:58:16.1766667+00:00
Edward Hurtado 0 Reputation points
1 answer One of the answers was accepted by the question author.

The Address you provided is invalid, please provide a valid address and try again!!!

Hi, While I was trying to schedule the SC-200 Exam, I got the error message that the billing address isn't valid. How can I fix this issue. Thanks! Best Regards, Jasmina Jakob

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,215 questions
Microsoft Sentinel
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
160 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
107 questions
Microsoft Defender for Endpoint Training
asked 2024-04-12T19:23:56.8333333+00:00
Anonymous
accepted 2024-04-13T12:24:56.7366667+00:00
Anonymous
1 answer One of the answers was accepted by the question author.

Azure Activity - data connector prerequisites

Hi all, when trying to enable the Azure Activity connector in Sentinel it says: I am an owner of the subscription already?

Microsoft Sentinel
asked 2024-04-08T12:52:17.6133333+00:00
Aran Billen 681 Reputation points
accepted 2024-04-12T10:17:28.0666667+00:00
Aran Billen 681 Reputation points
1 answer One of the answers was accepted by the question author.

Mismatch in amount of data received in logs analytics workspace and DCR metrics

I have defined a data collection rule and am using logs ingestion api to send data to 2 custom tables. I have defined diagnostic settings for the DCR such that error logs are sent to logs analytics workspace. For about an hour, I have events ingested…

Azure Monitor
Microsoft Sentinel
asked 2024-03-28T07:47:47.7+00:00
Ashwin Venkatesha 165 Reputation points
commented 2024-04-12T05:52:27.4566667+00:00
Ashwin Venkatesha 165 Reputation points
1 answer One of the answers was accepted by the question author.

Azure Workbook merge query visualization

I have created an Azure Workbook with a merge query that combines two table sources. This produces a nice table of resources (in this case, a list of VM's). Now all I want to do is somehow summarize this merged table and get the total number of VM's…

Azure Monitor
Microsoft Sentinel
asked 2022-02-09T10:58:43.327+00:00
René 26 Reputation points
commented 2024-04-11T09:37:50.3566667+00:00
Moritz von Witzleben 0 Reputation points
1 answer One of the answers was accepted by the question author.

How can I integrate GuardDuty findings with Microsoft Sentinel?

GuardDuty - Sentinel Integration

Microsoft Sentinel
asked 2024-04-08T13:05:13.9266667+00:00
Johnstone Oloo 20 Reputation points
edited a comment 2024-04-10T19:13:07.72+00:00
Johnstone Oloo 20 Reputation points