1,063 questions with Microsoft Sentinel tags

0 answers

How to install Content Hub solutions via Bicep?

We are trying to deploy Sentinel as IaC and we'd like to install various different content hub solutions via Bicep, we are getting no errors, and inside Content Hub we can see the Solution is installed - but no connector is showing. Below is Bicep I am…

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,063 questions
asked 2024-07-23T23:13:25.9533333+00:00
Matthew Jensen 20 Reputation points
commented 2024-07-24T17:34:01.4966667+00:00
Iheanacho Chukwu 195 Reputation points
0 answers

Wanted to remove the emails which are not quarantined by the Defender, from the users email boxes

Can anyone help me with this? I tried in multiple ways but it is not working. This should work on the email subject; based on the subject, emails should be removed from the mailboxes.

Microsoft Sentinel
asked 2024-07-23T06:44:44.4133333+00:00
Vij 0 Reputation points
edited the question 2024-07-24T13:48:42.9066667+00:00
Ryan Hill 27,031 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Trying to give a user rights to MS Sentinel but nothing else inside of Azure

Right now I am trying to give a user rights to MS Sentinel to customize it but not give admin access to Azure. Here is what I have created so far, but I am still getting issues. { "properties": { "roleName": "MS Azure…

Microsoft Sentinel
asked 2024-07-24T10:27:54.5866667+00:00
Peter Wilcox 1 Reputation point
accepted 2024-07-24T12:28:54.46+00:00
Peter Wilcox 1 Reputation point
2 answers

Cloudflare Data Connector Error: `Provided WorkspaceResourceId is invalid (Code: BadRequest)`

I am trying to deploy the Cloudflare (preview) (using Azure Functions) Microsoft Sentinel | Data Connector. I have installed the connector and selected the Option 1 - Deploy to Azure button. I have provided the following parameters: To obtain the App Insights…

Microsoft Sentinel
asked 2024-07-23T09:19:37.23+00:00
Ben Smith 0 Reputation points
answered 2024-07-24T10:59:55.67+00:00
Shweta Mathur 29,531 Reputation points Microsoft Employee
2 answers

How to enable UEBA via Bicep / ARM template

We are trying to deploy Microsoft Sentinel as code and we would like to enable UEBA as part of the Bicep template, but we cannot figure out how to. Does anyone know how we can enable UEBA via an ARM/Bicep template?

Microsoft Sentinel
asked 2024-07-22T11:30:26.68+00:00
Matthew Jensen 20 Reputation points
answered 2024-07-24T07:42:37.44+00:00
Givary-MSFT 30,851 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

Trying to add Microsoft Sentinel to a Log Analytics Workspace in Azure but keep getting error "The gateway did not receive a response from 'Microsoft.SecurityInsights' within the specified time period"

I am trying to add Microsoft Sentinel to a Log Analytics Workspace connected to a Virtual Machine in the Azure portal but keep getting the error "The gateway did not receive a response from 'Microsoft.SecurityInsights' within the specified time…

Microsoft Sentinel
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,322 questions
asked 2024-06-27T04:27:49.0766667+00:00
Aaqib Ali 30 Reputation points
commented 2024-07-23T20:09:31.6233333+00:00
Craig Chambers 0 Reputation points
1 answer

Syslog through AMA (CEF) Connector

Hi, following up on my last question: https://learn.microsoft.com/en-us/answers/questions/1690671/syslog-through-ama-connector-not-showing-in-the-co I have now installed Arc, and the machine is showing up on Azure Arc. The AMA is installed and is…

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,033 questions
Microsoft Sentinel
asked 2024-06-11T10:30:54.9766667+00:00
Bl()e 25 Reputation points
answered 2024-07-23T11:25:54.8633333+00:00
Maxime Tremblay 0 Reputation points
1 answer

How to ingest NetFlow into Sentinel

Is there a Sentinel connector for Cisco NetFlow?

Microsoft Sentinel
asked 2024-07-18T13:32:34.2833333+00:00
Chad Hutchings 0 Reputation points Microsoft Employee
commented 2024-07-23T06:21:07.32+00:00
Givary-MSFT 30,851 Reputation points Microsoft Employee
1 answer

Microsoft Sentinel - Add note to table or function in KQL

Hello, I was wondering if there is a way to attach a note to a specific table or function in KQL so that an analyst using the table will see it when they use it in a query. I work for an MSSP providing managed Sentinel SIEM. Analysts will regularly create…

Microsoft Sentinel
asked 2024-07-17T11:55:15.95+00:00
jake stewart 0 Reputation points
commented 2024-07-23T06:15:13.84+00:00
Givary-MSFT 30,851 Reputation points Microsoft Employee
0 answers

Sentinel watchlists import issue when the field starts or ends with double quotes

Hi team, I wanted to report a bug that has been present in Microsoft Sentinel for a long time and has not been addressed by Microsoft yet. The bug is present in the Sentinel watchlists. When you create a new watchlist with any random fields and then you edit…

Microsoft Sentinel
asked 2024-07-22T23:59:38.0133333+00:00
AK 1 Reputation point
1 answer One of the answers was accepted by the question author.

We noticed that the Sentinel connectors page is not accessible in our Prod environment. Is that a global issue?

We noticed that the Sentinel connectors page is not accessible in our Prod environment. Is that a global issue? Thanks.

Microsoft Sentinel
asked 2024-07-19T13:46:52.33+00:00
Johari, Shahla 25 Reputation points
accepted 2024-07-22T12:53:53.0733333+00:00
Johari, Shahla 25 Reputation points
1 answer

Trend Micro Deep Security Data Connector in AMA

I am deploying and configuring Sentinel for a new customer. To my surprise, today I found that the data connector used for the integration of Trend Micro Deep Security only supports integration via OMS/MMA. This agent will be decommissioned in August and I…

Microsoft Sentinel
asked 2024-07-19T09:56:51.57+00:00
Eduardo Vilar 0 Reputation points
answered 2024-07-22T06:09:55.0766667+00:00
Givary-MSFT 30,851 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

Microsoft Defender Threat Intelligence honeypot

Hi, I've added the Microsoft Defender Threat Intelligence Data Connector to Sentinel and I get thousands of honeypot alerts in the Threat Intelligence page. How can I filter these notifications?

Microsoft Sentinel
asked 2024-06-23T14:29:55.2966667+00:00
Romar 106 Reputation points
commented 2024-07-19T16:48:52.2533333+00:00
Romar 106 Reputation points
1 answer

Monitor Sentinel environment.

We are entering into an arrangement with a vendor who is supposed to monitor our Sentinel environment for us. They wanted to use Azure Lighthouse to enable access to our tenant, but we want to do this in the least privileged way - we only want to give…

Microsoft Sentinel
asked 2024-07-18T13:56:20.4733333+00:00
Schifter, Gabriela 160 Reputation points
commented 2024-07-19T10:22:22.19+00:00
Givary-MSFT 30,851 Reputation points Microsoft Employee
3 answers

Export Logs from Log Analytics Workspace to Blob Storage

Hi all, I have a Log Analytics Workspace that is linked to Sentinel. I have a lot of logs that I need to export from the Workspace into Blob Storage. The logs date back 30 days and it is about 400GB, about 500 million logs. Please let me know what…

Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,634 questions
Microsoft Sentinel
asked 2024-07-11T12:37:19.9733333+00:00
Adriaan Boshoff 0 Reputation points
commented 2024-07-19T00:05:22.0066667+00:00
KarishmaTiwari-MSFT 18,877 Reputation points Microsoft Employee
1 answer

Is there a way to query all table schemas to count how many columns every table in Sentinel has using KQL?

I am trying to return a list of tables that have more than a certain number of columns. getschema works, but it would be a painful task to run it for every table. The table name is also not maintained when you run getschema, so I tried to union all…

Microsoft Sentinel
asked 2024-07-16T11:52:21.9533333+00:00
Andrew Ryan 0 Reputation points
commented 2024-07-18T21:01:48.4766667+00:00
James Hamil 23,216 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

How do I troubleshoot after PRs are issued?

Hello, We have submitted a pull request to GitHub for our Sentinel Solution. I noticed that the pipeline checks, as shown below, include some unresolved issues that are confusing to us. Could you please let us know who we should contact to resolve these…

Microsoft Sentinel
asked 2024-07-18T04:19:34.97+00:00
LXF 200 Reputation points
edited the question 2024-07-18T07:32:52.8066667+00:00
Givary-MSFT 30,851 Reputation points Microsoft Employee
0 answers

Azure virtual desktop session alerts triggered by hostname changes

Our Azure virtual desktop keeps raising "pass the ticket" attack alerts when the hostname of our computers changes from <hostname> to <hostname>-<random number>. However, our security logs remain the same inside the SIEM,…

Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,450 questions
Microsoft Sentinel
asked 2024-07-16T04:55:47.8+00:00
Heath Smart Dylan 0 Reputation points
commented 2024-07-17T07:16:51.0433333+00:00
Prrudram-MSFT 23,131 Reputation points
0 answers

Scaling your CICD pipeline - Default parameter file is not being used

I am currently working on a CICD pipeline in combination with MS Sentinel content. I just got in touch with the repository and the process of handling parameter files. I am just asking myself why the default parameter file is not being used. All of my…

Microsoft Sentinel
asked 2024-07-16T09:17:24.5566667+00:00
Wagner Nico 0 Reputation points
commented 2024-07-16T14:56:08.82+00:00
Givary-MSFT 30,851 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

How to execute Microsoft Sentinel's backups and recovery

Hi, I'm starting in Microsoft Sentinel and have read a lot of documents, but I couldn't find anything about backup and recovery. Does anybody know something about this? Please give some advice. Thank you in advance. Best regards,

Microsoft Sentinel
asked 2022-03-02T19:58:55.197+00:00
Nelba Sanchez 21 Reputation points
commented 2024-07-16T11:38:38.1433333+00:00
Ngo, Thanh 0 Reputation points