Microsoft Q&A

Microsoft Sentinel

658 questions

A scalable, cloud-native solution for security information and event management (SIEM) and security orchestration, automation and response (SOAR). Previously known as Azure Sentinel.

658 questions with Microsoft Sentinel tags
0 answers

How can I log prompt inputs to Azure OpenAI to enable full-prompt logging in Log Analytics?

My goal is to use Azure Monitor to log and monitor full-text prompt inputs to the Azure OpenAI service. Is this possible and, if so, how can we configure / enable the ability to log prompt inputs to the Azure OpenAI service? I already have a Log Analytics…

Tags: Microsoft Sentinel; Azure Monitor (an Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments; 1,941 questions); Azure OpenAI Service (an Azure service that provides access to OpenAI’s GPT-3 models with enterprise capabilities; 101 questions)
asked 2023-03-26T17:05:43.92+00:00
Sikora, Nicholas 0 Reputation points
1 answer

What are the possible values for "IsClickedThrough"?

What are the possible results for "IsClickedThrough" in the "UrlClickEvents" table, and what do they mean? Thanks!

Tags: Microsoft Sentinel
asked 2023-03-20T03:03:13.8233333+00:00
Noisy 21 Reputation points
commented 2023-03-26T12:13:04.4733333+00:00
Noisy 21 Reputation points
2 answers

Can we test an ASIM parser locally, with all published vendor data?

We are making ASIM parsers for different kinds of schemas. At the end we want to test whether it is reflected in the global ASIM parser for a particular schema or not. Is there any way to test that ASIM parser after adding it to the union?

Tags: Microsoft Sentinel
asked 2022-09-16T12:50:25+00:00
Jayesh Prajapati 1 Reputation point
answered 2023-03-25T21:32:09.26+00:00
Sedat SALMAN 335 Reputation points
0 answers

Sentinel Repo Fails to deploy

Able to authorize and start the addition of the repo. I keep getting this error for 2 of 4 deployments. Not sure which table this is referring to, or where 'productFilter' is coming from. Just trying to get the repo initially set up. Status Message: Failed…

Tags: Microsoft Sentinel
asked 2023-03-20T20:13:46.67+00:00
DWilliams-9263 0 Reputation points
commented 2023-03-24T21:10:04.2066667+00:00
CJ Tarbox 0 Reputation points
2 answers

MS Sentinel: How to easily find associated queries when deleting a watchlist.

Hello, When trying to delete a watchlist from my workspace, a message pops up telling me to make sure I don't break any related query. Is there a non-manual and easy way to find a watchlist's related queries? I can't find anything on the…

Tags: Microsoft Sentinel
asked 2023-03-22T07:29:34.77+00:00
ben_loy 5 Reputation points
edited a comment 2023-03-24T18:22:52.27+00:00
JamesTran-MSFT 27,666 Reputation points Microsoft Employee
0 answers

{"error":{"code":"BadRequest","message":"{\"error\":{\"code\":\"BadRequest\",\"message\":\"Failed to map from region to geo. Region:'southindia'\"}}"}}

I have created a Microsoft Sentinel workspace; while creating analytics rules, the below error…

Tags: Microsoft Sentinel
asked 2023-03-23T14:07:56.27+00:00
Jitendra Pal 0 Reputation points
commented 2023-03-24T17:25:45.9233333+00:00
Marilee Turscak-MSFT 22,296 Reputation points Microsoft Employee
0 answers

Failed to map from region to geo

Hi, what can be the fix for {"error":{"code":"BadRequest","message":"{"error":{"code":"BadRequest","message":"Failed to map from region to geo.…

Tags: Microsoft Sentinel
asked 2023-03-23T14:13:31.69+00:00
Jitendra Pal 0 Reputation points
commented 2023-03-24T17:25:25.8633333+00:00
Marilee Turscak-MSFT 22,296 Reputation points Microsoft Employee
1 answer

How do I integrate Azure Monitor and Azure Sentinel?

We use Azure monitor for alerting, and send diagnostic information there as well. We're going to implement Azure Sentinel and Defender for Cloud. For Defender for Cloud, it appears as if we have to already have a log analytics workspace created and…

Tags: Microsoft Sentinel; Microsoft Defender for Cloud (an Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds; previously known as Azure Security Center and Azure Defender; 733 questions); Azure Monitor
asked 2023-03-16T14:50:43.4933333+00:00
Richard Duane Wolford Jr 161 Reputation points
commented 2023-03-24T14:14:11.66+00:00
Richard Duane Wolford Jr 161 Reputation points
0 answers

Constraints when using Microsoft Defender for Cloud and Azure Sentinel and Azure Arc against on-premises outside of Azure

I would like to use Microsoft Defender for Cloud and Azure Sentinel and Azure Arc to protect on-premises servers that exist outside of Azure. Microsoft Defender for Cloud and Azure Sentinel and Azure Arc features fall into which of the following…

Tags: Microsoft Sentinel; Azure Arc (a Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments; 151 questions); Microsoft Defender for Cloud
asked 2023-03-24T02:14:14.5366667+00:00
杉田 世紀 0 Reputation points
edited the question 2023-03-24T07:26:00.1433333+00:00
杉田 世紀 0 Reputation points
1 answer

Microsoft Sentinel and log forwarder limitations

We are working on a customer case related to Sentinel and there are a couple of concerns related to log forwarder servers (when collecting syslog or CEF from devices like firewalls): the customer requires that the solution must ensure event data collection even…

Tags: Microsoft Sentinel, Azure Monitor
asked 2023-03-23T13:08:30.3066667+00:00
Anttu Pekkarinen 0 Reputation points
answered 2023-03-24T07:02:41.1733333+00:00
Clive Watson 2,196 Reputation points MVP
1 answer

Notable Events in Sentinel across all tables

Hi everyone, we are tasked with preparing a dashboard showing total events and total notable events from Sentinel. While getting the total number of events is fairly simple with a query for the number of events in each table for the selected time frame, we are…

Tags: Microsoft Sentinel
asked 2023-03-21T15:43:18.1433333+00:00
Jain, Shamu 0 Reputation points
edited the question 2023-03-23T22:01:20.09+00:00
JamesTran-MSFT 27,666 Reputation points Microsoft Employee
14 answers

Connectors are not connected to Microsoft Azure Activity and Threat Intelligence - TAXII Microsoft

In Azure Sentinel Connectors are not connected to Microsoft Azure Activity and Threat Intelligence - TAXII Microsoft

Tags: Microsoft Sentinel
asked 2023-03-12T15:51:54.7166667+00:00
Sergey Smirnov 5 Reputation points
commented 2023-03-23T20:32:43.5733333+00:00
Sergey Smirnov 5 Reputation points
3 answers

Sentinel’s JIRA playbook: is it only for cloud instances or also on-premises?

Hello, I read this documentation: https://learn.microsoft.com/en-us/connectors/jira/?source=docs and it is not mentioned whether it works only for cloud or if on-premises instances are also supported. On my side, I tried it with my on-premises…

Tags: Microsoft Sentinel
asked 2022-09-08T14:07:53.18+00:00
SMONDACK Adrien 1 Reputation point
answered 2023-03-23T18:07:24.59+00:00
Shannon Hamby 0 Reputation points
2 answers. One of the answers was accepted by the question author.

Question regarding Azure Sentinel Security Logs

Hi all, we are using Azure Policy to install the AMA and assign a data collection rule. The Log Analytics workspace is linked to Sentinel. Now, to collect Windows security logs via the Sentinel connector "Windows Security Events via AMA", do we have…

Tags: Microsoft Sentinel
asked 2023-03-16T17:41:29.72+00:00
Shinde, Balaji 116 Reputation points
commented 2023-03-23T12:08:31.98+00:00
Shinde, Balaji 116 Reputation points
1 answer. One of the answers was accepted by the question author.

Azure Sentinel integration with Salesforce Service Cloud

Where and how to start integrating Sentinel with Service Cloud?

Tags: Microsoft Sentinel
asked 2020-05-18T12:03:00.227+00:00
Ali Rahimi 21 Reputation points
commented 2023-03-23T10:57:58.7366667+00:00
David Austin 0 Reputation points
1 answer

In which folder does a Monitor Alert Rule belong in the Azure-Sentinel GitHub repository?

Hello, I have created a Monitor Alert Rule which is used to alert me when my function app fails. Monitor Alert Rule Image: I have also created an ARM and a YAML template for it. So I am very confused about where I should put my Monitor Alert Rule…

Tags: Microsoft Sentinel, Azure Monitor
asked 2023-03-16T07:08:21.4766667+00:00
52947435 126 Reputation points
commented 2023-03-22T21:46:27.9033333+00:00
JamesTran-MSFT 27,666 Reputation points Microsoft Employee
1 answer

Tabular value converted to scalar doesn't work in a subsequent calculation

Hi, I am trying to compute the percentage of the total count per Event ID in the SecurityEvent table. My query is as follows: let totalevents = toscalar(SecurityEvent | summarize count()); SecurityEvent | summarize count() by EventID | extend total=totalevents |…

Tags: Microsoft Sentinel, Azure Monitor
asked 2023-03-15T23:57:17.6033333+00:00
Jeremy Hagan 0 Reputation points
commented 2023-03-21T17:57:10.1233333+00:00
JamesTran-MSFT 27,666 Reputation points Microsoft Employee
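The percentage-of-total pattern this question is about, written out end to end as an added example. This is not the poster's full query (which is truncated above) and assumes only the standard SecurityEvent table. Two details worth seeing in working form: toscalar() turns the single-cell result of the first query into a constant that later operators can use like a literal, and summarize count() with no alias names its output column count_, so give it an explicit name if you intend to reference it.

```kql
// Added example, not the poster's query. Assumes the standard SecurityEvent table.
// Step 1: total row count for the window, captured as a scalar constant.
// toscalar() evaluates the tabular expression once; the first column of the
// first row becomes the value bound to totalevents.
let totalevents = toscalar(
    SecurityEvent
    | where TimeGenerated > ago(24h)
    | summarize count()          // unnamed, so the column is called count_
);
// Step 2: per-EventID counts, then each EventID's share of the total.
SecurityEvent
| where TimeGenerated > ago(24h) // same window as the scalar, or the shares will not sum to 100
| summarize EventCount = count() by EventID
// A value produced by toscalar() can be referenced directly in extend/where.
| extend Total = totalevents
| extend Percent = round(100.0 * EventCount / Total, 2)
| order by EventCount desc
```

Keep the where clause identical in both halves; a different time filter on the scalar than on the grouped query is the usual reason the percentages look wrong even though the query runs.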
2 answers

What is the difference between the filtering parser and the parameter-less parser in ASIM parsers?

Hello, I am developing an ASIM parser and following the steps from https://learn.microsoft.com/en-us/azure/sentinel/normalization-develop-parsers#custom-parser-development-process and in that steps there are two parsers a filtering parser and a…

Tags: Microsoft Sentinel
asked 2023-03-13T10:12:48.6333333+00:00
52947435 126 Reputation points
commented 2023-03-21T17:54:23.67+00:00
JamesTran-MSFT 27,666 Reputation points Microsoft Employee
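For the two ASIM questions on this page (testing a parser after it is added to the union, and the difference between a filtering parser and a parameter-less parser), here is an added KQL sketch of one way to structure both parsers and then check them. It is not from the original posts or from the Azure-Sentinel repository. The custom table MyDns_CL, its column names, the vendor/product names and the schema version string are assumptions; the parameter list is the set the ASIM DNS schema defines for filtering parsers; ASimSchemaTester and ASimDataTester are the KQL functions shipped under ASIM/dev/ASimTester in the Azure-Sentinel repository and have to be deployed to the workspace before they can be invoked.

```kql
// Added example, not repository code. MyDns_CL and its *_s columns are assumed.
// Filtering parser (ASIM naming convention: vim<Schema><Vendor><Product>).
// Every parameter defaults to "no filter", so the parser can be called with
// no arguments; callers pass only the filters they need, and those are applied
// on the raw columns before normalization so the source table is pruned early.
let vimDnsMyVendorMyProduct = (
    starttime: datetime = datetime(null),
    endtime: datetime = datetime(null),
    srcipaddr: string = '*',
    domain_has_any: dynamic = dynamic([]),
    responsecodename: string = '*',
    response_has_ipv4: string = '*',
    response_has_any_prefix: dynamic = dynamic([]),
    eventtype: string = 'Query',
    disabled: bool = false
) {
    MyDns_CL                                        // assumed custom table
    | where not(disabled)                           // lets a unifying parser switch this source off
    | where (isnull(starttime) or TimeGenerated >= starttime)
        and (isnull(endtime) or TimeGenerated <= endtime)
    | where (srcipaddr == '*' or ClientIP_s == srcipaddr)
    | where (array_length(domain_has_any) == 0 or QueryName_s has_any (domain_has_any))
    | where (responsecodename == '*' or ResponseCode_s == responsecodename)
    | where (response_has_ipv4 == '*' or has_ipv4(Answer_s, response_has_ipv4))
    | where (array_length(response_has_any_prefix) == 0
             or has_any_ipv4_prefix(Answer_s, response_has_any_prefix))
    // Normalize to the ASIM DNS schema. Subset only; the schema reference lists
    // every mandatory field, and the schema tester below reports what is missing.
    | extend
        EventCount         = int(1),
        EventStartTime     = TimeGenerated,
        EventEndTime       = TimeGenerated,
        EventType          = 'Query',
        EventProduct       = 'MyProduct',             // assumed
        EventVendor        = 'MyVendor',              // assumed
        EventSchema        = 'Dns',
        EventSchemaVersion = '0.1.7',                 // assumed; use the version you target
        Dvc                = Device_s,
        SrcIpAddr          = ClientIP_s,
        DnsQuery           = QueryName_s,
        DnsResponseName    = Answer_s,
        EventResultDetails = ResponseCode_s,
        EventResult        = iff(ResponseCode_s == 'NOERROR', 'Success', 'Failure')
    | where (eventtype == '*' or EventType == eventtype)
    | project-away ClientIP_s, QueryName_s, Answer_s, ResponseCode_s, Device_s
};
// Parameter-less parser (ASim<Schema><Vendor><Product>): same normalization,
// no parameters. The parameter-less unifying parser (ASimDns) unions these,
// so this is the function that has to exist, and be named correctly, for the
// source to appear in the schema-wide parser.
let ASimDnsMyVendorMyProduct = () {
    vimDnsMyVendorMyProduct()
};
// Test 1: column names and types against the DNS schema.
vimDnsMyVendorMyProduct(starttime=ago(1d), endtime=now())
| getschema
| invoke ASimSchemaTester('Dns')
// Test 2 (run as a separate query): field values on real rows.
// vimDnsMyVendorMyProduct(starttime=ago(1d), endtime=now()) | invoke ASimDataTester('Dns')
```

Both testers run inside a Log Analytics workspace, not on a laptop, so "testing locally with all published vendor data" in practice means ingesting the sample data from the repository into a development workspace, deploying the parsers there, and running the schema and data testers against the unifying parser as well as against your own function; the unifying parser should return your rows once your parameter-less parser is part of its union.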
2 answers. One of the answers was accepted by the question author.

Getting error: "has_any(): failed to cast argument 2 to scalar constant" even though the "argument 2" is dynamic/array.

In the KQL below, I am getting the error: "has_any(): failed to cast argument 2 to scalar constant" even though the "argument 2" (i.e., disabledAccountSet) is dynamic/array. Source of the KQL: Sign-ins from IPs that attempt sign-ins…

Tags: Microsoft Sentinel, Azure Monitor
asked 2023-03-07T14:52:43.3133333+00:00
Prakhar Kumar 25 Reputation points
answered 2023-03-21T10:44:21.2266667+00:00
User989846-7900 1 Reputation point
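The constraint behind this error, shown as an added example that is not the poster's query or the repository rule: the second argument of has_any must resolve to scalar constants, so a let that binds a tabular expression whose only column is a dynamic array (the shape summarize make_set() produces) is rejected even though the array itself is dynamic. The example assumes the SigninLogs table as ingested into Sentinel, and uses Azure AD result code 50057 (user account is disabled); the IP grouping at the end is illustrative.

```kql
// Added example; assumes the SigninLogs table. Not the poster's query.
//
// Shape that raises "has_any(): failed to cast argument 2 to scalar constant":
// disabledAccountIPs is a *table* with one row whose single cell is a dynamic
// array, so argument 2 is neither a list of constants nor a scalar array.
//
//   let disabledAccountIPs = SigninLogs
//       | where TimeGenerated > ago(1d) and ResultType == "50057"
//       | summarize make_set(IPAddress);
//   SigninLogs | where IPAddress has_any (disabledAccountIPs)
//
// Fix 1: wrap the set in toscalar(), which yields a scalar dynamic array that
// has_any accepts as a constant.
let disabledAccountIPs = toscalar(
    SigninLogs
    | where TimeGenerated > ago(1d) and ResultType == "50057"
    | summarize make_set(IPAddress)
);
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType == "0"                              // successful sign-ins only
| where IPAddress has_any (disabledAccountIPs)
| summarize Successes = count(), Accounts = make_set(UserPrincipalName, 100) by IPAddress
| order by Successes desc
// Fix 2: keep it tabular, but make the column scalar strings rather than one array:
//   SigninLogs
//   | where IPAddress in (SigninLogs | where ResultType == "50057" | distinct IPAddress)
// has_any is a term match; for whole-value equality on IP addresses, in() is the
// more precise operator, and the same scalar-constant rule applies to its list.
```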
2 answers. One of the answers was accepted by the question author.

Microsoft Sentinel - Caller does not have permissions when deploying automation rule through repositories

I am having trouble deploying an automation rule which calls on a playbook, through an Azure DevOps repository to Microsoft Sentinel. When attempting to deploy the automation rule, I get the error: [Warning] Failed to deploy…

Tags: Microsoft Sentinel
asked 2023-03-16T09:41:01.9366667+00:00
Liam Jones 116 Reputation points
accepted 2023-03-21T08:32:25.7533333+00:00
Liam Jones 116 Reputation points