Microsoft Sentinel - UEBA connector not feeding data

Sebastian Wiszowaty 0 Reputation points

GH Issue

Issue at hand

As currently it is impossible to get UEBA enabled with bicep in a reliable way due to:

I opted for enabling it using az cli. Using az cli succeeds in both creating and updating the setting (after having parsed the etag if it is created)

However the data refuses to flow in. My suspicion is that because not all 4/4 data sources are available but it succeeeds. I was asked to raise a support case but because I don't have paid support I'm raising it here.

resource id:


UEBA enabled:


No data in la workspace (no BehaviorAnalytics table):

enter image description here

The LA had been deployed for quite some time now, so I don't believe that would be the '''15 minute period''' before it flows in here.

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
796 questions
{count} votes