1,065 questions with Microsoft Sentinel tags

2 answers One of the answers was accepted by the question author.

Azure Sentinel (IIS, SQL, Syslog server)

Hello, I am new to Azure Sentinel, so I need to implement this solution. Basically I need to collect logs from Active Directory, IIS and SQL Server, and make a Syslog (Linux) server which will collect Windows Firewall logs and then send them to Syslog…

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,065 questions
asked 2020-12-28T11:40:42.47+00:00
Eduards 791 Reputation points
accepted 2021-01-13T08:00:49.603+00:00
Eduards 791 Reputation points
1 answer

Missing indicators from Graph Security API submission

Hi Community, Using the Graph Security API, I submitted 1.9 million unique network ip indicators to my Sentinel workspace with concurrent threads. I verified the count via responses from the API. However, the sentinel only shows the ingestion of…

Microsoft Sentinel
asked 2021-01-10T09:04:49.537+00:00
SentinelNoob 191 Reputation points
answered 2021-01-12T18:27:16.3+00:00
Deva-MSFT 2,256 Reputation points Microsoft Employee
2 answers

Azure Sentinel estimated cost

I understand Azure Sentinel is charged by volume of data ingested, but I have no idea how much data the following Azure services will ingest into Sentinel: Windows Server virtual machines, Azure SQL Server, FortiGate Firewall, Azure AD…

Microsoft Sentinel
asked 2020-08-06T05:06:18.15+00:00
barry.wong 1 Reputation point
answered 2021-01-11T17:46:20.06+00:00
Luis Antonio Márquez 1 Reputation point
1 answer

Log filtering on Azure Sentinel

How do we optimize the logs that are being ingested into Azure Sentinel, either on-prem logs or cloud logs? Can we do any filtering before the log lands in the Log Analytics workspace? If so, how can we add the filtering?

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,034 questions
Microsoft Sentinel
asked 2020-12-09T06:53:52.423+00:00
pavan kemisetti 1 Reputation point
commented 2021-01-08T09:20:52.527+00:00
pavan kemisetti 1 Reputation point
1 answer

Defender ATP - Query failed, how to investigate

Hello, This morning, we've had an issue with one of our custom rules in Microsoft Defender ATP. For a two hour period, the query returned several false positives, which points us to one of the threat intelligence functions (FileProfile()) either…

Microsoft Sentinel
asked 2021-01-07T08:37:20.74+00:00
Tetera, Jakub 6 Reputation points
answered 2021-01-08T07:42:27.033+00:00
Candy Luo 12,686 Reputation points Microsoft Vendor
0 answers

Azure Sentinel - SQL Audit

Hello, recently I configured SQL Audit and audit server specifications to collect SQL logs and send them to Application. I also installed the MMA agent on the SQL server and configured that Event Viewer -> Application logs (MSSQLSERVER) will be delivered to…

Microsoft Sentinel
asked 2021-01-06T07:33:33.27+00:00
Eduards 791 Reputation points
commented 2021-01-07T07:16:18.343+00:00
Eduards 791 Reputation points
0 answers

Azure Sentinel Azure AD logs

Hello, I have a question about Azure AD logs being sent to Azure Sentinel. I have all the prerequisites and connected Azure AD to Azure Sentinel, but I didn't receive any logs and the Azure AD data connector status is What could be the cause?…

Microsoft Sentinel
asked 2021-01-06T07:25:14.973+00:00
Eduards 791 Reputation points
commented 2021-01-07T07:09:57.99+00:00
Eduards 791 Reputation points
2 answers One of the answers was accepted by the question author.

Can I trigger playbook from alert Status?

I'm trying to create incidents in ServiceNow whenever an Alert is set to "Active" inside of Sentinel. Is there a playbook trigger for this? Or a way to do this without creating another alert?

Microsoft Sentinel
asked 2021-01-05T17:32:40.827+00:00
Sam C 46 Reputation points
answered 2021-01-05T22:40:53.453+00:00
Sam C 46 Reputation points
5 answers

Azure Sentinel office 365 Tenant Permissions

Hello, thanks for reading my post. Hopefully this is simple to sort out, but I seem to be going around in circles setting up a test Office 365 and Azure environment. Things seemed to go well until I ran into this issue following along this…

Microsoft Sentinel
asked 2021-01-03T15:10:17.247+00:00
Thomas Black 1 Reputation point
commented 2021-01-05T16:38:51.543+00:00
JamesTran-MSFT 36,541 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

Azure Sentinel Lookup query logs

Hello, I configured an Azure Sentinel workspace, installed the MMA agent on the DNS server and enabled DNS logging, and added the DNS log event to the workspace configuration. I am receiving logs about DNS dynamic updates but don't get lookup query logs. DNS debug…

Microsoft Sentinel
asked 2021-01-03T09:45:37.403+00:00
Eduards 791 Reputation points
accepted 2021-01-05T11:08:03.313+00:00
Eduards 791 Reputation points
1 answer

Automated Response for Microsoft Security Rules | Azure Sentinel

Hello, I have created a playbook to orchestrate an automated response which will trigger an email with the alert details. I'm able to associate the playbook with a scheduled analytics rule, however I'm unable to associate it with Microsoft Security…

Microsoft Sentinel
asked 2020-12-01T07:02:56.64+00:00
Prasenna Kannan 436 Reputation points
answered 2021-01-04T16:08:08.933+00:00
John Nephin 1 Reputation point
2 answers

Sentinel Crashing when Running Lookup Search. Trying to find stale Firewall rules.

Hello, I'm trying to implement a lookup search that takes a lookup of all of our firewall rules and correlates it with our firewall data to then output what firewall rules are NOT present in the firewall logs. This is to trim down on any stale firewall…

Microsoft Sentinel
asked 2020-12-17T20:00:09.837+00:00
Christian Lozach 1 Reputation point
answered 2021-01-04T08:29:58.47+00:00
Yaron Fruchtmann 1 Reputation point Microsoft Employee
0 answers

Defender for Endpoint Users Not in MCAS

Hey! We've onboarded 15 users into Defender for Endpoint. Now that we've got the Sentinel Connector turned on to get the raw logs, we can see these machines/users reporting in. However, only 10 of these users show in the MCAS Cloud Discovery Dashboard.…

Microsoft Sentinel
asked 2020-12-28T17:04:08.603+00:00
Sam C 46 Reputation points
commented 2020-12-30T00:43:02.6+00:00
James Hamil 23,216 Reputation points Microsoft Employee
0 answers

[Sentinel] No Azure AD Sign-in logs in my workbook

Hello, I've been trying to use the Azure AD Sign-in logs workbook to see my users' sign-ins and I can't get it to work. I definitely see the audits but no logins, even though there are some. At this point I have chosen to display only logins and the…

Microsoft Sentinel
asked 2020-12-18T10:59:51.683+00:00
DP 1 Reputation point
commented 2020-12-22T04:07:55.07+00:00
VipulSparsh-MSFT 16,256 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Azure sentinel Azure AD logs

Hello, I have a question about Azure Sentinel Azure AD "data connectors". Suppose my Azure Sentinel is in subscription number 2 and I configure Azure Sentinel there. I want to install the Azure AD connector to get information from another AD tenant where…

Microsoft Sentinel
asked 2020-12-11T07:31:25.407+00:00
Eduards 791 Reputation points
accepted 2020-12-16T15:44:03.013+00:00
Eduards 791 Reputation points
0 answers

Send syslog server logs to Azure Sentinel through log analytics gateway

Team, I have a scenario where one of our customers wants to send syslog data to Sentinel through the Log Analytics gateway. We tried to simulate this in our lab but we faced issues with the installation. Can we have the steps where we can…

Azure Monitor
Microsoft Sentinel
asked 2020-12-10T08:08:17.75+00:00
pavan kemisetti 1 Reputation point
commented 2020-12-12T00:39:23.843+00:00
JamesTran-MSFT 36,541 Reputation points Microsoft Employee
1 answer

Azure Sentinel and NTP Server

Hi, I have a general question regarding Azure Sentinel and its integration/usage of NTP server for time source synchronization. Do you implement a vote system to ensure accuracy and integrity of the NTP source since NTP is not an authenticated…

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,310 questions
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,278 questions
Microsoft Sentinel
asked 2020-12-09T14:28:07.763+00:00
Tanguy NGUYEN 6 Reputation points
answered 2020-12-11T21:39:03.29+00:00
JamesTran-MSFT 36,541 Reputation points Microsoft Employee
1 answer

Azure Logic App connector for Teams - Forbidden.

Hi all, I am trying to test a simple integration between Azure Sentinel and Teams. In my current setup I try to use the Post Message connector from Teams - https://learn.microsoft.com/en-us/connectors/teams/#post-a-message-(v3)-(preview). However,…

Microsoft Teams
A Microsoft customizable chat-based workspace.
9,621 questions
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,996 questions
Microsoft Sentinel
asked 2020-12-08T13:16:05.493+00:00
Alexandru Stamate 1 Reputation point
commented 2020-12-10T11:01:01.197+00:00
Alexandru Stamate 1 Reputation point
0 answers

Gathering AWS CloudTrail logs from multiple accounts in a single bucket (AWS Control Tower)

Our organization is using an AWS multi-account structure, and we leverage AWS Control Tower to provision accounts, handle certain security restrictions, and centralize CloudTrail logs. With Control Tower, the CloudTrail logs of all accounts end up in a…

Microsoft Sentinel
asked 2020-12-02T20:28:04.297+00:00
GS-1714 6 Reputation points
commented 2020-12-07T04:43:05.507+00:00
Shashi Shailaj 7,581 Reputation points Microsoft Employee
0 answers

Export Security Center recommendations to log analytics

Hello, Sentinel is connected to a Log Analytics workspace and through data connectors I have connected it to Security Center. Security alerts are being synchronised into Sentinel and I'm able to query them in the SecurityAlert table in LA. I wanted to bring…

Azure Monitor
Microsoft Defender for Cloud
Microsoft Sentinel
asked 2020-12-04T06:00:49.07+00:00
Prasenna Kannan 436 Reputation points
commented 2020-12-04T23:10:25.077+00:00
JamesTran-MSFT 36,541 Reputation points Microsoft Employee