question

IsuruSam-0010 avatar image
0 Votes"
IsuruSam-0010 asked vipulsparsh-MSFT commented

UserPeerAnalytics data missing in Azure Sentinel

I've noticed that from 25th October the UserPeerAnalytics table has no data. I have the following data connectors available and receiving data. I could not find the UserPeerAnalytics associated with any of the data connectors. Appreciate if someone can share their thoughts on how to fix this.

144465-image.png


144503-image.png


microsoft-sentinel
image.png (36.8 KiB)
image.png (12.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

vipulsparsh-MSFT avatar image
1 Vote"
vipulsparsh-MSFT answered vipulsparsh-MSFT commented

@IsuruSam-0010 If your screenshot is from the Azure Sentinel UEBA setting directly showing which all connectors are already enabled for UEBA then please open a support case as this might need further investigation related to your tenant.

If the UEBA is not already enabled, you would need to check and confirm if its is already enabled as the User Peer Analytics is part of Behavior Analytics which gets onboarded once you enable the Sentinel for UEBA from here :

144562-image.png



image.png (98.1 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks @vipulsparsh-MSFT

I checked the settings and it's enabled. Something I noticed is that it takes approx 3 days to ingest these logs. When I checked today, I could see the logs from 3 days ago. A comparison below. I'm assuming it's the expected behavior?


144811-graph-comparison.png


0 Votes 0 ·

@IsuruSam-0010 Yes, this is expected behavior.

1 Vote 1 ·