Azure Sentinel (IIS, SQL, Syslog server)
Hello, I am new to Azure Sentinel, so I need to implement this solution. Basically I need to collect logs from Active Directory, IIS and SQL Server, and make a SYSLOG (Linux) server which will collect Windows Firewall logs and then send them to Syslog…
Missing indicators from Graph Security API submission
Hi Community, Using the Graph Security API, I submitted 1.9 million unique network IP indicators to my Sentinel workspace with concurrent threads. I verified the count via responses from the API. However, Sentinel only shows the ingestion of…
Azure Sentinel estimated cost
I understand Azure Sentinel is charged by the volume of data ingested, but I have no idea how much data the following Azure services will ingest into Sentinel: Windows Server virtual machines, Azure SQL Server, Fortigate Firewall, Azure AD …
Log filtering on Azure Sentinel
How to optimize the logs that are being ingested into Azure Sentinel? Either on-prem logs or cloud logs. Can we do any filtering before the log sits in the Log Analytics workspace? If so, how can we add the filtering?
Defender ATP - Query failed, how to investigate
Hello, This morning we had an issue with one of our custom rules in Microsoft Defender ATP. For a two-hour period, the query returned several false positives, which points us to one of the threat intelligence functions (FileProfile()) either…
Azure Sentinel - SQL Audit
Hello, Recently I configured SQL Audit and audit server specifications to collect SQL logs and send them to Application. I also installed the MMA agent on the SQL server and configured that Event Viewer -> Application logs (MSSQLSERVER) will be delivered to…
Azure Sentinel Azure AD logs
Hello, I have a question about sending Azure AD logs to Azure Sentinel. I have all prerequisites and connected Azure AD to Azure Sentinel, but I didn't receive any logs and the Azure AD data connector status is What could be the cause?…
Can I trigger a playbook from alert Status?
I'm trying to create incidents in ServiceNow whenever an alert is set to "Active" inside of Sentinel. Is there a playbook trigger for this? Or a way to do this without creating another alert?
Azure Sentinel Office 365 Tenant Permissions
Hello, Thanks for reading my post. Hopefully this is simple to sort out, but I seem to be going around in circles setting up a test Office 365 and Azure environment. Things seemed to go well until I ran into this issue following along this…
Azure Sentinel Lookup queries logs
Hello, I configured an Azure Sentinel workspace, installed the MMA agent on the DNS server and enabled DNS logging, and added the DNS log event to the workspace configuration. I am receiving logs about DNS dynamic updates but don't get lookup query logs. DNS debug…
Automated Response for Microsoft Security Rules | Azure Sentinel
Hello, I have created a playbook to orchestrate an automated response which will trigger an email with the alert details. I'm able to associate the playbook with a scheduled analytic rule; however, I'm unable to associate it with Microsoft Security…
Sentinel Crashing when Running Lookup Search. Trying to find stale Firewall rules.
Hello, I'm trying to implement a lookup search that takes a lookup of all of our firewall rules and correlates it with our firewall data to then output what firewall rules are NOT present in the firewall logs. This is to trim down on any stale firewall…
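The "rules that never appear in the logs" correlation described in the post above, written as a KQL left anti-join. This is an added example, not code from the post or from Microsoft; both inputs are constructed inline with `datatable` so it runs in any Log Analytics workspace without real data, and the column names (`RuleName`, `Action`, `SourceIP`) are assumptions, not the schema of any particular firewall connector.

```kusto
// Added example (not from the original post): list firewall rules that have
// no matching entries in the firewall logs, i.e. candidates for removal.
//
// Constructed rule inventory. In a real workspace this would come from a
// Sentinel watchlist (_GetWatchlist('FirewallRules')) or externaldata().
let FirewallRules = datatable(RuleName:string, Action:string)
[
    "allow-web-in",  "allow",
    "allow-dns-out", "allow",
    "allow-smtp-in", "allow",
    "deny-telnet",   "deny"
];
// Constructed sample of firewall log events. In a real workspace this would be
// the connector's table (for CEF sources, CommonSecurityLog) with a time window
// such as `| where TimeGenerated > ago(90d)` applied first.
let FirewallLogs = datatable(TimeGenerated:datetime, RuleName:string, SourceIP:string)
[
    datetime(2021-03-01 10:00:00), "allow-web-in",  "10.0.0.5",
    datetime(2021-03-01 10:01:00), "allow-dns-out", "10.0.0.6",
    datetime(2021-03-02 09:30:00), "allow-web-in",  "10.0.0.7"
];
// Collapse the log side to one row per rule BEFORE joining, so the join input
// is at most one row per rule instead of one row per log event.
let RulesSeen = FirewallLogs
    | summarize LastSeen = max(TimeGenerated), Hits = count() by RuleName;
// kind=leftanti keeps only rules with no match on the log side.
FirewallRules
| join kind=leftanti RulesSeen on RuleName
| project RuleName, Action
| order by RuleName asc
// Result with the constructed data: allow-smtp-in (allow), deny-telnet (deny)
```

Summarising the log side before the join is the part that matters for the crash symptom in the title: joining the full rule list directly against raw events makes the join intermediate as large as the log table, whereas the summarised side has at most one row per distinct rule name. Swap `leftanti` for `leftouter` to keep `LastSeen` and `Hits` and see rarely used rules as well as unused ones.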
Defender for Endpoint Users Not in MCAS
Hey! We've onboarded 15 users into Defender for Endpoint. Now that we've got the Sentinel connector turned on to get the raw logs, we can see these machines/users reporting in. However, only 10 of these users show in the MCAS Cloud Discovery dashboard.…
[Sentinel] No Azure AD Sign-in logs in my workbook
Hello, I've been trying to use the Azure AD Sign-in logs workbook to see my users' sign-ins and I can't get it to work. I definitely see the audits but no logins, even though there are some. At this point I have chosen to display only logins and the…
Azure Sentinel Azure AD logs
Hello, I have a question about the Azure Sentinel Azure AD "data connectors". If my Azure Sentinel is in subscription number 2 and I configure Azure Sentinel there, I want to install the Azure AD connector to get information from another AD tenant where…
Send syslog server logs to Azure Sentinel through the Log Analytics gateway
Team, I have a scenario where one of our customers wants to send syslog data to Sentinel through the Log Analytics gateway. We tried to simulate this in our lab but we were facing issues with the installation. Can we have the steps where we can…
Azure Sentinel and NTP Server
Hi, I have a general question regarding Azure Sentinel and its integration/usage of an NTP server for time source synchronization. Do you implement a vote system to ensure accuracy and integrity of the NTP source, since NTP is not an authenticated…
Azure Logic App connector for Teams - Forbidden.
Hi all, I am trying to test a simple integration between Azure Sentinel and Teams. In my current setup I try to use the Post Message connector from Teams - https://learn.microsoft.com/en-us/connectors/teams/#post-a-message-(v3)-(preview). However,…
Gathering AWS CloudTrail logs from multiple accounts in a single bucket (AWS Control Tower)
Our organization is using an AWS multi-account structure, and we leverage AWS Control Tower to provision accounts, handle certain security restrictions, and centralize CloudTrail logs. With Control Tower, the CloudTrail logs of all accounts end up in a…
Export Security Center recommendations to Log Analytics
Hello, Sentinel is connected to a Log Analytics workspace, and through data connectors I have connected Security Center. Security alerts are getting synchronised into Sentinel and I'm able to query them in the SecurityAlert table in LA. I wanted to bring…