1,040 questions with Microsoft Sentinel tags

1 answer

Segregating and Identifying Alerts in Sentinel Workspace

I am seeking a method to segregate alerts in a Sentinel workspace to facilitate easier identification and prioritization. For instance, if we have multiple clients' logs in a single workspace, we need a way to identify and segregate alerts based on the…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,040 questions
asked 2024-07-03T04:32:08.67+00:00
Someiah C S 80 Reputation points
edited a comment 2024-07-04T14:18:20.69+00:00
Andrew Blumhardt 9,831 Reputation points Microsoft Employee
0 answers

Regarding None Accounts Adding to Security Enabled Local, Global and Universal Groups

Hello Team, Greetings!! During our monitoring activities in Sentinel, we have observed that some non-accounts have been added to security-enabled local, global, and universal groups. Could you please provide insight into why this activity is being…

asked 2024-07-03T16:54:11.04+00:00
Srisaiteja Palle 20 Reputation points
commented 2024-07-04T04:27:36.5666667+00:00
Sandeep G-MSFT 16,201 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Find creation date of custom analytical rule created in Sentinel

Hi all, I am aiming to find the number of new analytical rules created per month (including custom as well as from github deployed), as well as the existing total per month on Sentinel for the last 2 months and present it to a Sentinel workbook. How…

asked 2024-06-21T13:16:42.7966667+00:00
Ev s 20 Reputation points
accepted 2024-07-03T12:21:03.83+00:00
Ev s 20 Reputation points
2 answers One of the answers was accepted by the question author.

How to disconnect Azure Sentinel data connectors?

In Sentinel I can't find an option to disconnect the data connectors, and there are no documents available for the same. So what are the methods to disconnect a data connector inside Sentinel for both native and non-native products? When I…

asked 2024-06-28T16:23:07.86+00:00
RAHUL MP 20 Reputation points
accepted 2024-07-03T11:55:28.2166667+00:00
RAHUL MP 20 Reputation points
1 answer

Stop Creating Incidents in Sentinel For every Alert generated by Custom detection rule in defender for endpoint

Hi Team, I have created a custom rule in Defender with a KQL query to get the details about devices and owners of vulnerable machines. So the results have more than 1500 rows, and it's generating that many alerts in Defender. And the same events are getting…

asked 2024-06-25T17:06:28.82+00:00
Disha Bodade 65 Reputation points
commented 2024-07-03T05:50:47.05+00:00
Disha Bodade 65 Reputation points
0 answers

API Version Discrepancies for 'Data Connector Definitions' in Sentinel

Hello MS Community, Would you please help explain the discrepancy regarding API references to "data connector definitions"? I noticed the API related link…

Azure Startups
Azure Startups
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters. Startups: Companies that are in their initial stages of business and typically developing a business model and seeking financing.
236 questions
asked 2024-06-14T08:30:15.17+00:00
LXF 160 Reputation points
edited the question 2024-07-03T04:22:40.0133333+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

How connectivityCriteria works in Sentinel

Regarding the below sample JSON code, I am trying to understand how the connectivityCriteria/IsConnectedQuery functions in Azure Sentinel. 1. Specifically, what happens when the KQL query within returns a positive result? 2. And suppose our server hasn't…

asked 2024-06-11T09:35:08.2866667+00:00
LXF 160 Reputation points
edited the question 2024-07-03T04:22:17.5433333+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
0 answers

how Azure ARM templates process placeholders please?

Could you explain how Azure ARM templates process placeholders and variables during deployment, especially comparing the '[variables]' syntax with templating mechanisms like {{variables}}? I see some of the codes (from Sentinel Solution folder @ github)…

asked 2024-06-11T02:47:43.6333333+00:00
LXF 160 Reputation points
edited the question 2024-07-03T04:22:15.2533333+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Analytic rules in Sentinel Solutions

I am going to provide analytic rules in Sentinel's Solutions. I've observed that all the solutions by other companies available on the Microsoft Sentinel GitHub contain a .yaml file for analytic rules, but Azure's wiki/documentation does not mandate that…

asked 2024-06-11T02:01:49.2633333+00:00
LXF 160 Reputation points
edited the question 2024-07-03T04:22:12.89+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Preparing Sentinel Content and ARM Template Files

I am preparing Sentinel content (a dataConnector) as outlined in the steps (from "\sentinel_with_ContentHub\Azure-Sentinel\Solutions\readme.md") shown in the below picture. Could you please confirm my understanding? Thank you in advance! In…

asked 2024-06-04T02:12:46.0733333+00:00
LXF 160 Reputation points
edited the question 2024-07-03T04:21:41.02+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
0 answers

logo size for Sentinel Content Preparation

Hello, I am preparing the Sentinel content according to the following steps from GitHub. My question is whether there is a requirement about the size of the logo? Thanks.

asked 2024-06-03T09:35:57.3066667+00:00
LXF 160 Reputation points
edited the question 2024-07-03T04:21:28.14+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Data Connector Types in Azure Sentinel

Hello Community, We've noted that there are various types of "Microsoft.SecurityInsights/dataConnectors," such as "RestApiPoller" and "GenericUI." Our case is that our service is hosted on other clouds, and we aim to…

asked 2024-06-03T06:40:23.7466667+00:00
LXF 160 Reputation points
edited the question 2024-07-03T04:21:23.2633333+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Custom Data Connector into Sentinel Content-Hub

Hello Microsoft Community, We are planning to build & integrate our custom data connector into the Sentinel Content-Hub to enable data analysis services for our customers who are interested in Azure Sentinel. And our data, which is unique and…

asked 2024-05-31T01:00:56.8333333+00:00
LXF 160 Reputation points
edited the question 2024-07-03T04:21:02.71+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

How Do I Configure JSON Items for Different Types of Data Connectors?

Hello, I'm wondering if there are any wiki pages that explain how to properly configure the data connectors. Thank you! I've been exploring the variety of data connectors available in Azure, such as GenericUI, APIPolling, and others, through…

asked 2024-05-30T06:50:41.1533333+00:00
LXF 160 Reputation points
edited the question 2024-07-03T04:20:50.3566667+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
1 answer

Azure Activity Log Data Connector Configuration

Hi, Recently, I onboarded Azure activity by following the instructions on the data connector page and completed the configuration successfully. This process involved creating a policy to send the logs to the log analytics workspace. During the setup, I…

asked 2024-05-20T08:13:54.5633333+00:00
Someiah C S 80 Reputation points
edited the question 2024-07-03T04:19:55.0133333+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Failed to save analytics rule query.

I can create any active analytics rule query in Microsoft Sentinel. While trying to create a new one, an error occurs: "Failed to save the analytics rule query. Log Analytics workspace 'xxx' could not be found." It started when the previous…

asked 2024-05-03T04:18:08.0833333+00:00
3PI 20 Reputation points
edited the question 2024-07-03T04:17:44.9666667+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
2 answers

Sentinel - Teams Playbook

Hi, I'm working on setting up a simple playbook to receive notifications for new incidents created in Sentinel, with an option to assign the incident. I've created an adaptive card (see below) and set up the playbook based on the instructions in a blog…

asked 2024-04-09T07:29:27.5933333+00:00
Someiah C S 80 Reputation points
edited the question 2024-07-03T04:15:39.6233333+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Microsoft Sentinel - Data connector shows disconnected after installing

We recently activated Sentinel to give it a trial run. I set up a separate workspace for Sentinel and installed some data connectors. However, the WAF is still showing as disconnected even after installing and configuring it. We've only got WAF, not…

asked 2024-04-03T09:28:25.2866667+00:00
Someiah C S 80 Reputation points
edited the question 2024-07-03T04:15:12.19+00:00
Ryan Hill 26,866 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

Trying to add Microsoft Sentinel to a Log Analytics Workspace in Azure but keep getting error "The gateway did not receive a response from 'Microsoft.SecurityInsights' within the specified time period"

I am trying to add Microsoft Sentinel to a Log Analytics Workspace connected to a Virtual Machine in the Azure portal but keep getting the error "The gateway did not receive a response from 'Microsoft.SecurityInsights' within the specified time…

PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,272 questions
asked 2024-06-27T04:27:49.0766667+00:00
Aaqib Ali 20 Reputation points
answered 2024-07-02T23:11:34.0633333+00:00
Aaqib Ali 20 Reputation points
1 answer One of the answers was accepted by the question author.

Syslog Transformation DCR not working

I need assistance troubleshooting a Syslog Transformation DCR used with Microsoft Sentinel. The Transformation DCR looks to work correctly in the Create Transformation wizard, but doesn't actually filter out the records. I have a few Syslog/CEF…

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,968 questions
asked 2024-05-29T16:03:21.6833333+00:00
Greg Sneed 20 Reputation points
accepted 2024-07-02T12:15:19.8933333+00:00
Greg Sneed 20 Reputation points