Microsoft Defender Threat Intelligence honeypot
Hi, I've added the Microsoft Defender Threat Intelligence Data Connector to Sentinel and I get thousands of honeypot alerts in the Threat Intelligence page, how can I filter these notifications?
How can I validate my Sentinel Content before PR?
Hello MS Team, I am currently engaged in validating/testing solutions (a CCP dataConnector) with Sentinel and have a few questions regarding the process. Q1: I am following the Sentinel-DataConnector readme guidance…
About "u.dataTypes is undefined" when importing DataConnector json
Hello, I encountered an error "u.dataTypes is undefined" when importing a CCP on Sentinel. I am pretty sure that the table name is correct within my current workspace. Can someone explain this error please? Thanks in advance.
Whenever I try to create Microsoft Sentinel it shows an error
Failed to add Microsoft Sentinel Failed to add Microsoft Sentinel to workspace 'SentinelRG'. The gateway did not receive a response from 'Microsoft.SecurityInsights' within the specified time period.
Azure Activity Data connector configuration
Hi, I am trying to configure the Azure Activity data connector in my tenant. I have installed the connector and configured the Azure policy scoped at my subscription where I have Sentinel deployed. In the parameter section I have set my Sentinel…
Syslog through AMA (CEF) Connector
Hi, Following up on my last question: https://learn.microsoft.com/en-us/answers/questions/1690671/syslog-through-ama-connector-not-showing-in-the-co I have now installed Arc, and the machine is showing up on Azure Arc. The AMA is installed and is…
How to Deploy Sysmon To Receive Logs In Azure Sentinel?
Deploy estreamer connector using load balancer
Hi all, I wanted to deploy a solution like this: an Azure VM, Azure Sentinel, an Azure load balancer and the Cisco eStreamer connector. How do I configure the eStreamer to point directly to the Azure load balancer instead of the Azure VM agent?
How to write a KQL query comparing 2 different tables (SigninLogs, ThreatIntelligence) to create an alert if the sign-in IP matches an IP reported by threat intelligence.
I tried multiple ways to join the tables but ended up getting multiple errors, and I am not able to call the table that I referred into a variable using the let operator after I refer other table after it. As I was not able to use the first defined…
MS Sentinel - Data Connectors update
Question: MS Sentinel in Azure - Data Connectors. In Data Connectors I have 21 onboarded connectors, 17 connected, 0 updates. When I go to "More content at content hub" I can see 17 installed and 3 updates. QS1: Why are these 3 updates not shown…
Automated email sending when running a KQL query
Hello, first of all, I'm quite new to Sentinel/KQL related stuff. I have this very basic KQL query to find sign-ins from countries not included in the "LocationDetails" argument. I'd like to automate this query and, if any results are found, send…
AMA+DCR for Syslog & CEF logs. CEF logs in CommonSecurityLog not parsing.
Referring to this article: https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-syslog I am trying to solve the following scenario: Using a single Linux log collector to forward both Syslog and CEF events to your Microsoft Sentinel workspaces…
Shannon Entropy evaluation for domains?
Hi, I've found the entropy calculation for processes running on a device, and I've noticed previously posted questions similar to what I'm asking from a few years ago, but couldn't find a definitive answer. Just wondering if there is a way of calculating…
How to agentlessly upload logs to a default table in a log analytics workspace?
I have built a system that creates a log analytics workspace and uploads logs to a custom table by following these Microsoft tutorials: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/tutorial-logs-ingestion-api?tabs=dcr …
Set total retention period for one or more tables
Hi, I am trying to set the total retention time for one or more log tables using the command az monitor log-analytics workspace table update --subscription <subscription id> --resource-group sentinel --workspace-name <name> --name…
Syslog through AMA connector not showing in the content hub list.
Hi, Trying to set up syslog ingestion into Sentinel for testing. The setup consists of AMA on an on-prem syslog server. The legacy agent will soon be unsupported, and the requirement for AMA on-prem, according to Microsoft guides, is to have the following…
Azure Monitor Agent Fluent Bit CVE-2024-4323.
Hello, two questions about the Azure Monitor Agent Fluent Bit exe in regards to CVE-2024-4323. The AMA agent installation is using fluent-bit.exe in version 2.0.9 (location C:\Program Files\Azure Monitor Agent\Monitoring\Agent\fluent-bit.exe). I would like…
I and others in my organization are members of "Microsoft Sentinel Contributor" but sometimes we cannot close Sentinel Incidents
I and others in my organization are members of "Microsoft Sentinel Contributor". We can usually close the incidents, but sometimes we cannot close them. I have verified my role assignments, and since I have the role of "Microsoft Sentinel…
Migrating Sentinel DNS event connector from legacy agent to AMA
Hi, I am in the process of migrating the Sentinel Windows Security and DNS data connectors from the legacy agent to AMA. We use the DNS audit log 519 events to resolve device names from IP addresses where the device name is not returned in a lookup query.…
How to audit the creator of an Enterprise Application in Azure
Hi, I'm trying to get the creator of an "Enterprise Application" as soon as someone creates one, using the query below. AuditLogs | where Category =~ "ApplicationManagement" | where OperationName =~ "Add application" | mv-expand…