Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,065 questions
1 answer
One automation response for all incidents
Hello, I have created analytic rules (Scheduled, Microsoft Security Solution) based incident definition in my Sentinel. As part of the incidents, I wanted to trigger an automation response whenever an incident is created. The automation response…
asked 2020-11-30T07:44:17.34+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 95%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Prasenna Kannan
436
Reputation points
commented 2020-12-02T02:15:37.88+00:00
Prasenna Kannan
436
Reputation points
0 answers
Creating a weekly Azure Sentinel Incident
Hi All, I'd like to create Azure Sentinel alert that runs weekly. We have a web proxy service that defines URL categories and we constantly see a lot of traffic hitting these categories that we would like to review. They are generally blocked (99.9%)…
asked 2020-11-04T16:36:12.65+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 60%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECL%3C/text%3E%3C/svg%3E)
Christian Lozach
1
Reputation point
commented 2020-11-30T15:09:15.667+00:00
Christian Lozach
1
Reputation point
0 answers
Alerts in Azure | Centralized Dashboard |
Hello, I'm trying to accomplish the below requirements : 1) Whenever a user copy a file from a storage account - file, an alert has to be triggered and incident created. 2) Create an alert when a backup is not successful. 3) Malicious sign-in…
asked 2020-11-16T05:48:06.183+00:00
Prasenna Kannan
436
Reputation points
commented 2020-11-30T07:48:58.59+00:00
Prasenna Kannan
436
Reputation points
3 answers
Notifications about assigned incident in Azure Sentinel
Hi, I want to configure notifications about assigning incident to user. For example, I want to get email alert any time when an incident is assigned to me. Is it possible to configure it? Thank you in advance.
asked 2020-11-16T09:56:02.72+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 82%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
Piotr Batruk
1
Reputation point
answered 2020-11-26T15:35:52.507+00:00
Clive Watson - MSFT
106
Reputation points
0 answers
Dashboard on Key Risk Indicators
Hello, We have hosted our data center in Azure which has multiple subscriptions, VNET's, VM's, WVD, PaaS databases etc. We have deployed Azure Sentinnel, Security Center. I'm trying to accomplish the following insights in a single dashboard. 1) Sign on…
asked 2020-11-03T05:04:15.843+00:00
Prasenna Kannan
436
Reputation points
commented 2020-11-26T05:36:57.497+00:00
Prasenna Kannan
436
Reputation points
0 answers
Office 365 ATP analytics rule for Azure Sentinel very slow to create incidents
Hello, I have a demo tenant that we are using to test monitoring of Office 365 ATP Alerts in Azure Sentinel We are using the standard analytics rule that generates an incident when an alert is generated in ATP. It takes HOURS between the time the…
asked 2020-11-02T22:30:59.403+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 68%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGY%3C/text%3E%3C/svg%3E)
Gareth Young
1
Reputation point
commented 2020-11-26T00:50:17.237+00:00
James Hamil
23,216
Reputation points Microsoft Employee
0 answers
Azure Sentinel (Log) Analytics (Workspace)
Dear Sir/Madam, Use Case: Deploying a fast solution for the Mitre Att&ck Framework analysis: https://github.com/BlueTeamLabs/sentinel-attack/wiki Solution we seek: Mass Enable Categories of the Analytics Templates (ask for select, or…
asked 2020-11-19T12:33:12.783+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 82%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
nwsentinel4
201
Reputation points
commented 2020-11-24T00:48:57.763+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT
36,411
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Sentinel KQL converting Epoch to normal DateTime
Hello, Is there an Azure Sentinel KQL that will allow me to take EPOCH time and display it as a normal DateTime such as 11/20/2020, 11:24:31.227 AM in a column as standard?
asked 2020-11-20T11:30:26.54+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 74%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Sean
101
Reputation points
commented 2020-11-23T17:48:48.563+00:00
JamesTran-MSFT
36,541
Reputation points Microsoft Employee
3 answers
One of the answers was accepted by the question author.
Azure Sentinel - Logic Apps - Provide Slack Webhook URL
Hi, How can we add an Azure Sentinel Logic App - Slack integration with an webhook provided? Authentication seems to be required by a microsoft account for validation. We don't want that. User is authenticated in the browser for slack. Ideally,…
asked 2020-11-16T15:57:01.953+00:00
nwsentinel4
201
Reputation points
accepted 2020-11-18T13:21:27.487+00:00
nwsentinel4
201
Reputation points
1 answer
One of the answers was accepted by the question author.
Secure Sentinnel | Issues from Web Application \ Windows Application
Hello, We are using Azure Secure Sentinnel on our Azure platform. We are setting up a data centre with Firewall, VNET, WVD, VM across subscriptions. In one of the Windows Server 2019, we are going to host a Web Application, Web API & also a…
asked 2020-10-30T07:54:00.513+00:00
Prasenna Kannan
436
Reputation points
accepted 2020-11-01T22:13:09.433+00:00
Prasenna Kannan
436
Reputation points
0 answers
How to prev()
Hello! How do I use prev() to return only results of the same UserDisplayName of the current log? Running the search below gives unexpected output (negative time_between_logins) and the previous log seems to be tied to a different user. Any…
asked 2020-10-15T14:49:24.17+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 38%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Ashley Van
1
Reputation point
commented 2020-10-28T14:41:38.353+00:00
Clive Watson - MSFT
106
Reputation points
1 answer
Azure Sentinel & Indegy - Dataconnection , custom queries
Any one can share experience in integrating Azure Sentinel & Indegy please!
asked 2020-10-27T14:09:39.457+00:00
Murali Chillakuru
1
Reputation point Microsoft Employee
answered 2020-10-27T20:25:39.95+00:00
James Hamil
23,216
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Azure Pen Test
Hi, does Azure has available reports of its own Pen Test or Red Teaming test?
asked 2020-10-26T21:40:37.367+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 1%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAP%3C/text%3E%3C/svg%3E)
Alessandra Pluchino
21
Reputation points
answered 2020-10-27T14:27:32.103+00:00
Alessandra Pluchino
21
Reputation points
1 answer
Log analytics agent - disrupted internet connection
In the event that the log analytics agent fails to connect to Azure Sentinel (no/disrupted internet connection for example), will the LA Agent hold the logs whilst the connection is down and post to Sentinel when a connection is re-established? Or are…
asked 2020-10-21T14:00:17.393+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 15%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGG%3C/text%3E%3C/svg%3E)
gary gibson
1
Reputation point
commented 2020-10-22T23:02:03.403+00:00
JamesTran-MSFT
36,541
Reputation points Microsoft Employee
2 answers
Azure SecurityCenter
Hello All, What is the advantages of integration(enabling) of Azure Security Center with Sentinel? What kind of rule we can enable on sentinel for Azure Security Center? Thank You Rohit
asked 2020-07-21T16:19:44.817+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 8%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Rohit
1
Reputation point
answered 2020-10-21T12:52:37.373+00:00
Jaehong Lee_sb339
1
Reputation point
1 answer
One of the answers was accepted by the question author.
How to add in Sentinel a tenant from Office 365?
The options for MSPS and CSPs to add new tenants to their own Sentinel workspace seems to be a bit of mystery, unless you are using Azure Lighthouse. This is a very common scenario, where the customer has only an Office 365 subscription and no other…
asked 2020-10-13T20:12:48.367+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 39%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Michael Deacon
21
Reputation points
accepted 2020-10-20T02:06:28.343+00:00
Michael Deacon
21
Reputation points
1 answer
One of the answers was accepted by the question author.
Windows Virtual Desktop Service | Secure Sentinnel | Australia Region
Hello, We are using Azure for our data migration activities. As part of it, we are planning to use Windows Virtual Desktop \ Azure Sentinnel. Based on the products available by region, I can see that Windows Virtual Desktop & Azure Sentinnel is…
asked 2020-10-13T08:21:43.037+00:00
Prasenna Kannan
436
Reputation points
accepted 2020-10-14T21:59:18.45+00:00
Prasenna Kannan
436
Reputation points
1 answer
How to create a playbook in Azure Sentinel that detects, alerts, and removes email forwarding rule(s) from Office 365?
Hi All, I would like to know how to create an Azure Sentinel playbook that does the following: Detects email forwarding rule(s) in Office 365 If there are any, delete the forwarding rule(s) sends an alert email to the admin(s) regarding the…
asked 2020-09-28T17:21:08.89+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 8%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMW%3C/text%3E%3C/svg%3E)
Muhammad Waqar
1
Reputation point
commented 2020-10-05T18:19:43.837+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
24,666
Reputation points Microsoft Employee
1 answer
Send AWS CloudWatch events to Azure Sentinel
Have anyone made it possible to send AWS CloudWatch events to Azure Sentinel? Can you please share you setup process?
asked 2020-09-24T09:54:59.23+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 49%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Adi Dibra
1
Reputation point
answered 2020-09-28T13:36:21.43+00:00
Clive Watson - MSFT
106
Reputation points
1 answer
Manage security alerts in M365 Security Center or Sentinel or separately?
I am having some questions and would like to receive opinions that can contribute. I have the solutions in my environment and I'm in doubt about how to centralize everything. I have Azure Sentinel receiving the Defender Atp, MCASB, Azure ATp,…
asked 2020-09-15T19:59:12.027+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 0%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Luizao_f
1
Reputation point
commented 2020-09-25T23:42:59.013+00:00
JamesTran-MSFT
36,541
Reputation points Microsoft Employee