How to install Content Hub solutions via Bicep?
We are trying to deploy Sentinel as IaC and we'd like to install various different content hub solutions via Bicep, we are getting no errors, and inside Content Hub we can see the Solution is installed - but no connector is showing. Below is Bicep I am…
Wanted to remove the emails which are not quarantined by the Defender, from the users email boxes
Can any one help me with this, i tried in multiple ways but not working, this should be worked on Email subject, based on the subject emails should be removed from the emailboxes
Trying to give a user rights to MS Sentential but nothing else inside of Aure
Right now I am trying to give a user rights to MS Sentential to customize it but not give admin access to Azure. Here is what I have created so far but Still getting issues. { "properties": { "roleName": "MS Azure…
Cloudflare Data Connector Error: `Provided WorkspaceResourceId is invalid (Code: BadRequest)`
I am trying to deploy the Cloudflare (preview) (using Azure Functions) Microsoft Sentinel | Data Connector. I have installed the connector and select Option 1 - Deploy to Azure button. I have provided the following parameters: To obtain the App Insights…
How to enable EUBA via bicep / ARM template
We are trying to deploy Microsoft Sentinel as code and we would like to enable EUBA as part of the Bicep template but we cannot figure out how to. Does anyone know how we can enable EUBA via an ARM/Bicep template?
Trying to add Microsoft Sentinel to a Log Analytics Workspace in Azure but keep getting error "The gateway did not receive a response from 'Microsoft.SecurityInsights' within the specified time period"
I am trying to add Microsoft Sentinel to a Log Analytics Workspace connected to a Virtual Machine in the Azure portal but keep getting the error "The gateway did not receive a response from 'Microsoft.SecurityInsights' within the specified time…
Syslog through AMA (CEF) Connector
Hi, Follwing up on my last question: https://learn.microsoft.com/en-us/answers/questions/1690671/syslog-through-ama-connector-not-showing-in-the-co I have now installed Arc, and the machine is showing up on Azure Arc. The AMA is installed and is…
How to ingest NetFlow into Sentinel
Is there a Sentinel connector for Cisco NetFlow ?
Microsoft Sentinel - Add note to table or function in KQL
Hello I was wondering if there is a way to attach a note to a specific table or function in KQL so that an analyst using the table will see it when they use it in a query? I work for an MSSP providing managed Sentinel SIEM. Analyst will regularly create…
Sentinel watchlists import issue when the field starts or ends with double quotes
Hi team, I wanted to report a bug that was present in Microsoft Sentinel for a long time and it was not addressed by Microsoft yet. The bug is present in the Sentinel watchlists. When you create a new watchlist with any random fields and then you edit…
we noticed that Sentinel connectors page is not accessible in our Prod environment. is that a global issue?
we noticed that Sentinel connectors page is not accessible in our Prod environment. is that a global issue? thanks
Trend Micro Deep Security Data Connector in AMA
I am deploying and configuring Sentinel for a new customer. To my surprise today I found that the data connector used for the integration of TrenMicro DeepSecurity only supports integration via OMS/MMA. This agent will be decommissioned in August and I…
Microsoft Defender Threat Intelligence honeypot
Hi, I've added the Microsoft Defender Threat Intelligence Data Connector to Sentinel and I get thousands of honeypot alerts in the Threat Intelligence page, how can I filter these notifications?
Monitor Sentinel environment.
We are entering into an arrangement with a vendor who is supposed to monitor our Sentinel environment for us. They wanted to use Azure Lighthouse to enable access to our tenant, but we want to do this in the least privileged way - we only want to give…
Export Logs from Log Analytics Workspace to Blob Storage
Hi all, I have a Log Analytics Workspace that is linked to Sentinel. I have a lot of logs that I need to export from the Workspace into Blob Storage. Th logs date back 30 days and it is about 400GB, it is about 500 million logs. Please let me know what…
Is there a way to Query all Table Schemas to count How many Columns every Table in Sentinel has using KQL
I am Trying to return a list of tables where they have more than a certain amount of columns, get schema works but it would be a painful task to run it for every table. The Table name is also not maintained when you run getSchema so I tried to union all…
![](https://techprofile.blob.core.windows.net/images/SbBXW6wumkK4XgZSyURk4A.png?8D926C)
How do i troubleshoot after PR's issued?
Hello, We have submitted a pull request to GitHub for our Sentinel Solution. I noticed that the pipeline checks, as shown below, include some unresolved issues that are confusing to us. Could you please let us know who we should contact to resolve these…
Azure virtual desktop session alerts triggered by hostname changes
Our Azure virtual desktop keeps raising "pass the ticket" attack alerts when the hostname of our computers changes from <hostname> to <hostname>-<random number>. However, our security logs remain the same inside the SIEM,…
![](https://techprofile.blob.core.windows.net/images/ZuCGjNGWaEiWnbswF6AtpA.png?8DA64C)
Scaling your CICD pipeline - Default parameter file is not being used
I am currently working on a CICD pipeline in combination with MS Sentinel content. I just got in touch with the repository and the process of handling parameter files. I am just asking myself why the default parameter file is not being used. All of my…
How to execute microsoft sentinel's backups and recovery
Hi, I'm starting in Microsoft Sentinel and read a lot of documents but I couldn't find anything about backup and recovery. Anybody know something about this? Please give some advices Thank you in advance Best regards,