1,146 questions with Microsoft Sentinel tags

0 answers

Configuration problem with Sentinel connector for Cisco Umbrella

In attempting to deploy the Microsoft Sentinel connector Cisco Umbrella (using Azure Functions) and following what appears to be an incomplete explanation at https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/cisco-umbrella which does seem…

Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,029 questions
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,146 questions
asked 2024-10-19T07:22:43.27+00:00
Geoffrey Day 0 Reputation points
0 answers

Lighthouse Offer - I cannot add System Managed Identities to my customers' Logic Apps

I have my roles delegated, and I am in the correct AD groups on my tenant. However, when I go into a Logic App and try to assign a System Assigned Managed Identity, I keep getting the following error message: Failed to add Resource as Microsoft…

Azure Lighthouse
An Azure service that provides secure managed services and access control for partners and customers.
78 questions
Microsoft Sentinel
asked 2024-10-18T09:48:45.4133333+00:00
cc007 0 Reputation points
0 answers

Unable to create sentinel lab solution from marketplace

Hello, I am unable to create the Sentinel lab solution from the marketplace. It keeps saying terminal provisioning failure,

Microsoft Sentinel
asked 2024-10-18T05:43:05.76+00:00
SantoshHaribabu-3135 41 Reputation points
0 answers

Verification Failed when trying to deploy custom Sentinel template on Azure

Hello, I am having an issue deploying my custom Sentinel template: it cannot be validated because I don't have the write permissions for 'microsoft.aadiam/diagnosticSettings/write' at scope…

Microsoft Sentinel
asked 2024-10-17T22:08:47.4633333+00:00
Aviv Yaaran 0 Reputation points
0 answers

Incidents in Microsoft Sentinel Auto-Closing Without Automation Rules

I'm currently using Microsoft Sentinel and noticing that some incidents are automatically closing themselves, sometimes with the reason "resolved at source" or no comment at all. I've checked for any automation rules or playbooks that might be…

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,392 questions
Microsoft Sentinel
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,904 questions
asked 2024-10-17T14:15:27.48+00:00
Hyago Santana Mariano 0 Reputation points
2 answers

Azure Windows VM login related logs not getting ingested in MS SENTINEL logs

Azure Windows VM login related logs are not getting ingested in MS Sentinel logs. I have created a VM (Windows 10) and am trying to do successful and failed login attempts, but I am unable to see the related…

Microsoft Sentinel
asked 2024-10-12T13:22:13.5766667+00:00
Manish Aggarwal 0 Reputation points
answered 2024-10-15T15:22:21.81+00:00
Manish Aggarwal 0 Reputation points
0 answers

Can't Import Sentinel Alert Rules

Good morning, I am having difficulty importing Sentinel rules after I deleted old ones. I deleted the old rules on Friday 9/27 at 9am EST and am getting the error "the rule with ID 'xyz' was recently deleted. You need to allow some time before re-using the…

Microsoft Sentinel
asked 2024-09-30T13:22:40.92+00:00
Eugene Golovanyuk 10 Reputation points
commented 2024-10-15T04:24:12.5366667+00:00
Dave-8102 0 Reputation points
2 answers One of the answers was accepted by the question author.

Workspace is created but not available as drop down in VMware ESXi

While creating VMware ESXi there is a step to create a "workspace". We have created a workspace successfully by assigning Region and Resource group, etc., and we can see the workspace listed as well. But while creating VMware ESXi - under workspace…

Microsoft Sentinel
asked 2023-05-22T10:20:42.64+00:00
Siddharth Bhonde 20 Reputation points
answered 2024-10-14T18:43:31.89+00:00
Andrew Westhoff (MINDTREE LIMITED) 0 Reputation points Microsoft Vendor
1 answer

Restricting GCP Workload Identity Authentication to Specific Azure Sentinel Data Connectors

I have to ingest GCP audit logs into Azure Sentinel via the Pub/Sub audit log connector, and authentication should be done using GCP workload identity. I have created the setup and it's working fine. In this setup, while setting up the provider issuer and one of the allowed…

Microsoft Sentinel
asked 2024-10-07T10:47:26.8966667+00:00
sheetal soni 0 Reputation points
commented 2024-10-14T11:53:23.3133333+00:00
sheetal soni 0 Reputation points
1 answer

How to connect the Microsoft Defender XDR event logs using the API?

I'm currently working on a project to fully automate the deployment of a Microsoft Sentinel workspace. I already developed a working PowerShell script that uses the Microsoft.SecurityInsights API to install solutions from the content hub and enable the…

Microsoft Sentinel
asked 2024-08-12T14:28:02.2866667+00:00
Robbe Willeme 5 Reputation points
edited a comment 2024-10-11T18:23:46.0733333+00:00
Matthew Jensen 0 Reputation points
0 answers

While setting up Microsoft Azure Sentinel, data connector not showing green for "Azure Activity" setup

Hello Team, I am trying to begin my hands-on learning on Azure Sentinel. While progressing with that, I am facing an issue: I have done the steps below, but I am unable to proceed further because I cannot see the green color for the Data Connector…

Microsoft Sentinel
asked 2024-10-11T16:44:15.28+00:00
Manish Aggarwal 0 Reputation points
1 answer

Error Logs Ingestion API into Sentinel

With my Logs Ingestion API implementation, no data is being ingested into Sentinel from the third-party REST client. I enabled the DCR logs today; the message being returned is 'Could not validate token because: InvalidAudience'.

Microsoft Sentinel
asked 2024-10-04T02:19:57.6166667+00:00
Conrad, Steve 0 Reputation points
answered 2024-10-11T14:24:47.3966667+00:00
Conrad, Steve 0 Reputation points
0 answers

Send Sentinel Incidents to Teams Channel

I tried using the adaptive card solution to send Sentinel incidents to a standard Teams channel, but that did not meet our needs and had these shortcomings: Dependent on a Teams user / service account. Upon using the adaptive card response options,…

Microsoft Teams
A Microsoft customizable chat-based workspace.
10,183 questions
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,162 questions
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace. Development: The process of researching, productizing, and refining new or existing technologies.
3,295 questions
Microsoft Sentinel
asked 2024-10-07T14:18:42.82+00:00
Lee Seeman 16 Reputation points
commented 2024-10-11T06:00:35.9+00:00
Prasad-MSFT 6,781 Reputation points Microsoft Vendor
1 answer

A logic app Get-VirusTotalIPReport is not working

I am trying to automate IP enrichment using the VirusTotal API. I have set up a logic app and tied it to the respective analytics rule, but I am getting the following error. This is a test instance and we have only a few resources running on it.

Azure Logic Apps
Microsoft Sentinel
asked 2024-07-30T11:07:58.4133333+00:00
Bhupender Singh 0 Reputation points
edited the question 2024-10-10T06:43:12.61+00:00
AnuragSingh-MSFT 21,381 Reputation points
1 answer

What are the required fields for the analytics rule arm template?

Referring to this guide, https://github.com/Azure/Azure-Sentinel/wiki/Query-Style-Guide, I can't find any official documentation on the required fields for the .yaml files. We want to implement pre-commit checks that ensure the templates entering the…

Microsoft Sentinel
asked 2024-08-19T10:55:57.9066667+00:00
Jonathan Canlas 0 Reputation points
edited the question 2024-10-10T06:37:22.57+00:00
AnuragSingh-MSFT 21,381 Reputation points
0 answers

We are having problems with a Playbook that performs an automation for Sentinel

We are having problems with a Playbook that performs an automation for Sentinel: Objective: Add one or more IPs from the incident to a named location. Problem: - In one of the HTTP GET steps, the Logic App reports the error "required scopes are…

Microsoft Sentinel
asked 2024-08-29T17:28:32.88+00:00
Marcos Guedes 0 Reputation points
edited the question 2024-10-10T06:28:35.9466667+00:00
AnuragSingh-MSFT 21,381 Reputation points
1 answer One of the answers was accepted by the question author.

Better to have separate workspace for Azure Monitor and Sentinel?

Hello. My organization has a log analytics workspace, and we currently have all of the data collected into one workspace. I'm wondering if we would gain any cost advantage by having a dedicated workspace for Azure monitor and the other for Sentinel. …

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,285 questions
Microsoft Sentinel
asked 2024-10-08T23:52:04.15+00:00
Erik Stimpfle 21 Reputation points
accepted 2024-10-09T15:39:08.18+00:00
Erik Stimpfle 21 Reputation points
1 answer One of the answers was accepted by the question author.

To find the number of virtual machines reporting in Azure Sentinel

Hi, we have thousands of VMs in our environment and we need to report how many virtual machines are reporting to Sentinel. Is there any Kusto query or Azure Resource Graph query to find out the number of VMs that are reporting to Sentinel?

Microsoft Sentinel
asked 2024-10-07T18:45:29.4066667+00:00
Chauhan, Shaileshbhai 20 Reputation points
accepted 2024-10-08T13:34:46.62+00:00
Chauhan, Shaileshbhai 20 Reputation points
1 answer

W365 CloudPC Monitoring with AMA and Sentinel

Hi Team, I have a question on W365 Enterprise CloudPC monitoring. The customer wants to send all the W365 logs to Sentinel, including Windows event logs and security logs. Is this possible? I did not see any documentation in this regard. If it is possible, how…

Azure Monitor
Microsoft Sentinel
asked 2024-10-04T12:22:56.1+00:00
sri 45 Reputation points
commented 2024-10-07T20:42:01.7333333+00:00
sri 45 Reputation points
1 answer One of the answers was accepted by the question author.

Sending incident from Sentinel to Teams

Hi, I'm struggling with some very simple automation where Sentinel incidents should be forwarded to a Teams channel. In SOAR Essentials there are two solutions for this: Post Message to Teams and Send Adaptive Card. The first is simpler; it uses Microsoft…

Microsoft Teams
Azure Logic Apps
Microsoft Sentinel
asked 2024-02-16T12:10:24.01+00:00
Laszlo Pal 35 Reputation points
edited a comment 2024-10-07T14:02:11.31+00:00
Lee Seeman 16 Reputation points