1,222 questions with Microsoft Sentinel tags

0 answers

KQL Queries not showing results

No matter what is attempted in KQL, all queries consistently run past 30 minutes. Repeated attempts to recreate the VMs, Sentinels, Workspaces, etc., have not resolved the issue.

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
8,379 questions
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,222 questions
asked 2025-02-15T20:02:19.6533333+00:00
MTOrion 0 Reputation points
commented 2025-02-18T09:36:55.2533333+00:00
Nagarjuna Reddy Yanna 0 Reputation points Microsoft Vendor
1 answer

Why is Defender not correlating the Entra ID Protection alerts?

Hi Team, In my environment, Entra ID Protection is generating multiple alerts even when the user, IP address, and sign-in events are the same and occur within seconds. These alerts are forwarded to Microsoft Defender, but they are not being correlated,…

Microsoft Sentinel
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
251 questions
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,283 questions
asked 2025-02-17T14:53:42.8366667+00:00
Supriya Nelluri 0 Reputation points
answered 2025-02-18T09:34:32.02+00:00
Pauline Mbabu 595 Reputation points Microsoft Employee
0 answers

Alert XX was added to the incident by Microsoft Defender XDR - alert correlation

Hey, I am sending alarms/incidents from another SIEM to sentinel for centralization. The goal is that sentinel mirrors the alarms/incidents exactly. The data is sent to a custom log table, in the log analytics workspace through an API call, and I have a…

Microsoft Sentinel
asked 2025-02-18T07:01:10.58+00:00
Horne, Lorents Birkeland 0 Reputation points
1 answer

Need help with solution to deploy sentinel in US region and China region

I want to deploy Sentinel in the US region and the China region. Is it possible to send logs using DCR rules from China to a workspace built in the US region, or do I need to build 2 workspaces separately and send logs from China to the US using Event Hub? In case I…

Microsoft Sentinel
asked 2025-02-10T05:52:12.9666667+00:00
sameer khandar 0 Reputation points
commented 2025-02-17T13:37:02.8566667+00:00
Sakshi Devkante 735 Reputation points Microsoft Vendor
1 answer

How to integrate Palo Alto firewall on-premises and cloud with Microsoft Sentinel step by step

How to integrate Palo Alto firewall on-premises and cloud with Microsoft Sentinel step by step

Microsoft Sentinel
asked 2024-12-15T09:21:08.1633333+00:00
suraj hirekudi 0 Reputation points
commented 2025-02-17T13:00:57.9566667+00:00
Pavlo Khazov 0 Reputation points
1 answer

Connect data to Microsoft Sentinel using data connectors Salesforce

I need help integrating Salesforce and Wiz into my SIEM.

Viva Connections
A Microsoft Viva module that provides a gateway to a modern engagement experience.
106 questions
Microsoft Sentinel
Microsoft Entra ID
asked 2025-02-10T14:57:39.59+00:00
Dunham, Jermey 0 Reputation points
commented 2025-02-17T09:20:33.46+00:00
LiweiTian-MSFT 24,000 Reputation points Microsoft Vendor
0 answers

Data connector buttons are grayed out saying No permissions

Cannot enable the Microsoft Defender XDR connector in Sentinel despite being logged in as owner of the tenant, subscription and resource group. My licence is Microsoft 365 Business Premium, which I see in the documentation is a Microsoft XDR eligible licence.

Microsoft Sentinel
Microsoft Defender for Identity
asked 2025-02-13T12:41:56.3866667+00:00
gutta bachelor 0 Reputation points
commented 2025-02-17T07:24:35.0366667+00:00
Navya 15,465 Reputation points Microsoft Vendor
1 answer

Why use Fortinet Connector instead of a Function App for registering an action group in the Fortinet-FortiGate playbook?

Hello, I am setting up the Fortinet-FortiGate playbook and noticed that for registering an action group in FortiGate, the playbook uses the Fortinet Connector instead of a Function App. Why was the Fortinet Connector chosen for this action instead of a…

Microsoft Sentinel
asked 2025-02-12T05:09:01.1633333+00:00
mara7 166 Reputation points
commented 2025-02-17T01:55:05.46+00:00
mara7 166 Reputation points
1 answer

This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix.

Applied skills Name: Deploy containers by using Azure Kubernetes Service Issue: This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix.

Microsoft Sentinel
asked 2024-03-24T11:56:12.4166667+00:00
pritam bhor 25 Reputation points
commented 2025-02-14T14:45:49.79+00:00
REZAI Arash 0 Reputation points
3 answers

Problem with Microsoft Sentinel Connector

Hello, for testing I have deployed Sentinel 2 or 3 times and after that I deleted the workspace. Now I have recreated a new workspace and when I try to connect the connector I receive the following error: I have just tried to find out if there are other diagnostic settings, but…

Microsoft Sentinel
asked 2025-02-01T09:06:59.5833333+00:00
Guido Imperatore 20 Reputation points MVP
answered 2025-02-13T11:06:33.1466667+00:00
Alex Burlachenko 1,010 Reputation points
1 answer

Issues trying to connect to MITRE ATT&CK STIX 2.1 Feed from Sentinel Threat Intelligence

Hi, I am having issues while trying to connect to the MITRE ATT&CK STIX 2.1 Feed from within Sentinel's Threat Intelligence module. I have the 'Threat Intelligence - TAXII' data connector enabled (with another TAXII server…

Microsoft Sentinel
asked 2025-02-03T04:58:21.01+00:00
WillAngus-6254 0 Reputation points
commented 2025-02-13T11:03:42.4+00:00
Raja Pothuraju 12,985 Reputation points Microsoft Vendor
2 answers One of the answers was accepted by the question author.

Azure Sentinel - Query help

Dear All, I need to write a query to hunt for OS Credential Dumping: NTDS (T1003.003). Kindly help if you have any information.

Microsoft Sentinel
asked 2022-02-15T14:33:19.247+00:00
karthik palani 1,036 Reputation points
commented 2025-02-13T02:44:17.5833333+00:00
useR 0 Reputation points
2 answers

Need KQL to query Purview sensitive, not-encrypted, externally sent data

Hi there, I'm trying to understand if I can use kql to query the following about Purview events. Here's a 'hypothetical' kql query that works logically, but I'm struggling to create a Purview policy that matches this. I've created a 'sensitive' label,…

Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,396 questions
Microsoft Sentinel
asked 2025-02-06T17:19:01.5233333+00:00
David Broggy 6,101 Reputation points MVP
commented 2025-02-12T19:00:16.4033333+00:00
Oury Ba-MSFT 20,341 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

No access to DeviceTvmSoftwareVulnerabilities table in Sentinel?

There is an XDR analytic rule in Sentinel named "Execution of software vulnerable to webp buffer overflow of CVE-2023-4863". However, the KQL query used by this rule requires access to the DeviceTvmSoftwareVulnerabilities table. But according to…

Microsoft Sentinel
asked 2025-02-07T20:06:08.39+00:00
David Broggy 6,101 Reputation points MVP
edited a comment 2025-02-12T12:25:12.1+00:00
Jonathan James 0 Reputation points
1 answer

Inbound connection identified as Outbound by Microsoft Sentinel

I have noticed that there are several outbound connections in the overview page. However, having analyzed the traffic, I realized that inbound traffic is labeled as outbound traffic. Note: I have removed the destination IPs as they are…

Microsoft Sentinel
asked 2022-10-27T03:53:39.813+00:00
Nimantha Deshappriya 21 Reputation points
edited an answer 2025-02-11T16:30:45.8033333+00:00
Luis Arias 7,861 Reputation points
1 answer

What is the size limit of rawContent of watchlist when bundled in solution package?

We are using watchlists to upload data via CSV files and using it in a workbook. As per the documentation, there is a size limit of 3.8MB when creating a watchlist from local CSV files. So, we have created CSV files of size 2.5MB, using which we are able to…

Microsoft Sentinel
asked 2025-01-31T06:30:59.1833333+00:00
Nirali Shah 151 Reputation points
commented 2025-02-11T15:42:35.7733333+00:00
Raja Pothuraju 12,985 Reputation points Microsoft Vendor
1 answer

Cannot read data from Cloudflare in Azure Sentinel

I have already set up Logpush from Cloudflare to Azure Sentinel. It only shows the test log.

Microsoft Sentinel
asked 2025-02-11T01:11:01.3066667+00:00
amir rachman 0 Reputation points
answered 2025-02-11T14:05:52.92+00:00
Luis Arias 7,861 Reputation points
1 answer

Microsoft public IP scanning my app services IP

We received an alert on Defender for Cloud stating "vulnerability scanner detected". While checking the owner of the IP, it's MICROSOFT-CORP-MSN-AS-BLOCK and it is scanning for WordPress-related stuff on my Azure App Services. Is it some sort of internal…

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,497 questions
Microsoft Sentinel
asked 2025-02-06T07:34:03.2566667+00:00
AzureGladiator 0 Reputation points
commented 2025-02-10T08:49:19.5233333+00:00
Sakshi Devkante 735 Reputation points Microsoft Vendor
1 answer

Data Connector - API Restriction

Dear Prisma Cloud Support Team, I am experiencing an issue with the integration between Microsoft Sentinel and Prisma Cloud using the Data Connector described in your documentation (Integrating Prisma Cloud with Azure Sentinel using the Data…

Microsoft Sentinel
asked 2025-01-22T12:16:32.56+00:00
Jakub Wierzchowski 0 Reputation points
edited the question 2025-02-06T14:14:01.0533333+00:00
Raja Pothuraju 12,985 Reputation points Microsoft Vendor
1 answer

How to find out which of several authenticators was used in a sign-in?

We are using MFA with Microsoft Authenticator for user sign-ins to our tenant. Many of our users have registered more than one Microsoft Authenticator instance. Sometimes this is deliberate, in order to have a backup in case the primary smartphone is…

Microsoft Sentinel
Microsoft Entra ID
asked 2025-01-13T13:20:23.8366667+00:00
Tilman Schmidt 50 Reputation points
commented 2025-02-04T23:36:25.2333333+00:00
James Hamil 26,996 Reputation points Microsoft Employee