1,139 questions with Microsoft Sentinel tags

Sort by: Updated
0 answers

Better to have separate workspace for Azure Monitor and Sentinel?

Hello. My organization has a Log Analytics workspace, and we currently have all of the data collected into one workspace. I'm wondering if we would gain any cost advantage by having a dedicated workspace for Azure Monitor and another for Sentinel. …

Tags: Azure Monitor (an Azure service used to collect, analyze, and act on telemetry data from Azure and on-premises environments; 3,267 questions), Microsoft Sentinel (a scalable, cloud-native solution for security information and event management (SIEM) and security orchestration, automation and response (SOAR), previously known as Azure Sentinel; 1,139 questions)
asked 2024-10-08T23:52:04.15+00:00
Erik Stimpfle 1 Reputation point
1 answer One of the answers was accepted by the question author.

To find the number of virtual machines reporting in Azure Sentinel

Hi, we have thousands of VMs in our environment and we need to report how many virtual machines are reporting to Sentinel. Is there any Kusto query or Azure Resource Graph query to find out the number of VMs reporting to Sentinel?

Tags: Microsoft Sentinel
asked 2024-10-07T18:45:29.4066667+00:00
Chauhan, Shaileshbhai 0 Reputation points
accepted 2024-10-08T13:34:46.62+00:00
Chauhan, Shaileshbhai 0 Reputation points
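An added example, not taken from the question or its accepted answer: a KQL query over the Heartbeat table, which every machine running the Azure Monitor Agent (or the legacy Log Analytics agent) writes to about once a minute. It counts the distinct machines that have reported in the last 24 hours, broken down by agent type and OS, flags Azure VMs via the `_ResourceId` column so the figure can be reconciled with an Azure Resource Graph inventory, and counts machines whose last heartbeat is older than an hour. The 24-hour and 1-hour windows are assumptions for illustration.

```kql
// Machines that sent at least one heartbeat in the lookback window.
// Assumption (added example): 24h lookback and 1h staleness threshold; tune both.
let lookback = 24h;
let stale = 1h;
Heartbeat
| where TimeGenerated > ago(lookback)
// one row per machine: when it last reported, which agent, which OS, which Azure resource (empty for non-Azure hosts)
| summarize LastHeartbeat = max(TimeGenerated) by Computer, Category, OSType, _ResourceId
| extend IsAzureVm = isnotempty(_ResourceId)
| summarize
    ReportingMachines = dcount(Computer),
    AzureVms = dcountif(Computer, IsAzureVm),
    StaleMachines = countif(LastHeartbeat < ago(stale))
  by Category, OSType
| order by ReportingMachines desc
```

Heartbeat rows exist only for agent-based collection, so machines that reach Sentinel solely through a Syslog/CEF forwarder or a platform connector will not appear here; for those, count distinct `Computer` (or `DeviceName`) values in the relevant table over the same window instead.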
0 answers

Send Sentinel Incidents to Teams Channel

I tried using the adaptive card solution to send Sentinel incidents to a standard Teams channel, but that did not meet our needs and had these shortcomings: dependent on a Teams user / service account; upon using the adaptive card response options,…

Tags: Microsoft Teams (a Microsoft customizable chat-based workspace; 10,114 questions), Azure Logic Apps (an Azure service that automates the access and use of data across clouds without writing code; 3,137 questions), Microsoft Teams Development (development of new or existing Microsoft Teams technologies; 3,260 questions), Microsoft Sentinel
asked 2024-10-07T14:18:42.82+00:00
Lee Seeman 16 Reputation points
commented 2024-10-08T07:05:53.7466667+00:00
Prasad-MSFT 6,776 Reputation points Microsoft Vendor
1 answer

W365 Cloud PC monitoring with AMA and Sentinel

Hi team, I have a question on W365 Enterprise Cloud PC monitoring. The customer wants to send all the W365 logs to Sentinel, including Windows event logs and security logs. Is this possible? I did not see any documentation in this regard. If it is possible, how…

Tags: Azure Monitor, Microsoft Sentinel
asked 2024-10-04T12:22:56.1+00:00
sri 45 Reputation points
commented 2024-10-07T20:42:01.7333333+00:00
sri 45 Reputation points
1 answer One of the answers was accepted by the question author.

Sending incident from Sentinel to Teams

Hi, I'm struggling with some very simple automation where Sentinel incidents should be forwarded to a Teams channel. In SOAR Essentials there are two solutions for this: Post Message to Teams and Send Adaptive Card. The first is simpler; it uses Microsoft…

Tags: Microsoft Teams, Azure Logic Apps, Microsoft Sentinel
asked 2024-02-16T12:10:24.01+00:00
Laszlo Pal 35 Reputation points
edited a comment 2024-10-07T14:02:11.31+00:00
Lee Seeman 16 Reputation points
0 answers

Restricting GCP Workload Identity Authentication to Specific Azure Sentinel Data Connectors

I have to ingest GCP audit logs into Azure Sentinel via the Pub/Sub audit log connector, and authentication should be done using GCP workload identity. I have created the setup and it's working fine. In this setup, while setting up the provider issuer and one of the allowed…

Tags: Microsoft Sentinel
asked 2024-10-07T10:47:26.8966667+00:00
sheetal soni 0 Reputation points
2 answers One of the answers was accepted by the question author.

Why data connector display disconnected after setup

I set up a data connector with content source Azure Activity; however, it shows disconnected. How do I make it connected?

Tags: Microsoft Sentinel
asked 2024-09-28T13:45:41.2366667+00:00
Tester 25 Reputation points
edited an answer 2024-10-07T08:44:09.2633333+00:00
Pauline Mbabu 405 Reputation points Microsoft Employee
0 answers

Error Logs Ingestion API into Sentinel

Logs Ingestion API implementation: no data is being ingested into Sentinel from the third-party REST client. I enabled the DCR logs today; the message being returned is 'Could not validate token because: InvalidAudience'.

Tags: Microsoft Sentinel
asked 2024-10-04T02:19:57.6166667+00:00
Conrad, Steve 0 Reputation points
commented 2024-10-04T02:53:10.3633333+00:00
Conrad, Steve 0 Reputation points
1 answer

Can we use the MS training lab for Sentinel in the free trial for Azure Sentinel once it expires?

Do we incur any charges in the MS training lab for Sentinel in the free trial for Azure Sentinel once it expires after 30 days?

Tags: Microsoft Sentinel
asked 2024-09-30T14:50:34.77+00:00
Anand Kumar Mortha 0 Reputation points
answered 2024-10-02T19:58:54.63+00:00
Pauline Mbabu 405 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

How to check if workspace is replicated?

Dear support, we are testing the workspace replication feature (https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-replication) for Log Analytics workspaces. When creating a replication workspace and sending the request as mentioned…

Tags: Azure Monitor, Microsoft Sentinel
asked 2024-09-24T13:35:20.9733333+00:00
Hoeneveld, T.A. (Tim) 50 Reputation points
edited the question 2024-10-01T16:02:08.9733333+00:00
SadiqhAhmed-MSFT 45,186 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Syslog transformation DCR not working

I need assistance troubleshooting a Syslog transformation DCR used with Microsoft Sentinel. The transformation DCR looks to work correctly in the Create Transformation wizard, but doesn't actually filter out the records. I have a few Syslog/CEF…

Tags: Azure Monitor, Microsoft Sentinel
asked 2024-05-29T16:03:21.6833333+00:00
Greg Sneed 20 Reputation points
commented 2024-10-01T12:00:08.6266667+00:00
Suleman Kadiri 0 Reputation points
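An added example, not the poster's DCR, of the transformation KQL that goes in a DCR's `transformKql` property for the Syslog stream. Inside a transformation the input stream is always named `source`, the columns are those of the destination Syslog table, and only the transformation-supported subset of KQL is allowed (filtering, `extend`, `project`, `parse`, string functions; no joins, no cross-table references). The facilities and the "heartbeat" message pattern below are illustrative assumptions. Two things worth checking when the wizard's preview filters but live data does not: the transform must sit in the DCR through which the data actually flows (Syslog collected by the Azure Monitor Agent arrives through the agent's own DCR `dataFlows` entry for the `Microsoft-Syslog` stream, not only through a workspace transformation DCR), and agents pick up DCR edits only after a few minutes, so records that arrive right after the change are still unfiltered.

```kql
// Value of the "transformKql" property for the Microsoft-Syslog stream in the agent DCR.
// The input stream is always called `source`; its columns are the Syslog table's.
// Assumptions (added example): the facilities and the "heartbeat" pattern are illustrative.
source
| where Facility !in ("local0", "local7")
| where not(SyslogMessage has "heartbeat" and SeverityLevel in ("debug", "info"))
| where isnotempty(SyslogMessage)
```

To confirm the transform is active, wait a few minutes after the DCR update and run `Syslog | where TimeGenerated > ago(15m) | summarize count() by Facility, SeverityLevel` in the workspace; the dropped facilities should no longer appear, and `_BilledSize` on the remaining rows is what you are billed for.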
0 answers

Pagination in MS Sentinel Threat Indicators API

I am using the below endpoint to list Azure Sentinel threat indicators. I have about ~350 in the MS Sentinel instance, and when I query the endpoint it gives me the first 100 and also a nextLink value. I query the next set using the nextLink value and…

Tags: Microsoft Sentinel
asked 2024-09-30T16:48:50.29+00:00
JB 0 Reputation points
edited the question 2024-10-01T01:20:03.56+00:00
Ryan Hill 28,106 Reputation points Microsoft Employee
0 answers

Atypical Travel - no info for "Previous Location"

Reviewing the output of an Atypical Travel alert, I find detailed information for "Current Location" (City, State, Country), but I only get Country as a result of the "Previous Location". Why is there a discrepancy in the amount of…

Tags: Microsoft Sentinel, Microsoft Entra ID (a Microsoft Entra identity service that provides identity management and access control capabilities, replacing Azure Active Directory; 21,757 questions)
asked 2024-09-12T17:05:55.0966667+00:00
KyleG 0 Reputation points
commented 2024-09-30T22:50:25.2+00:00
Raja Pothuraju 6,440 Reputation points Microsoft Vendor
0 answers

Can't import Sentinel alert rules

Good morning, I am having difficulty importing Sentinel rules after I deleted old ones. I deleted the old rules on Friday 9/27 at 9 AM EST and am getting the error: the rule with ID 'xyz' was recently deleted. You need to allow some time before re-using the…

Tags: Microsoft Sentinel
asked 2024-09-30T13:22:40.92+00:00
Eugene Golovanyuk 10 Reputation points
1 answer

Azure AD audit logs not showing the user who made the changes

I was investigating AD group membership changes. I checked the AD audit logs and found events related to group membership changes, but they don't show the account which made the changes. It says that the change was initiated by an application called…

Tags: Microsoft Sentinel
asked 2021-08-03T07:49:16.403+00:00
Malli Boppe 31 Reputation points
commented 2024-09-30T10:46:20.2733333+00:00
Andreea Sapunaru 0 Reputation points
4 answers

Caller is missing required playbook triggering permissions on playbook resource

I have created a custom playbook but I get the error: Failed to trigger playbook. Caller is missing required playbook triggering permissions on playbook resource…

Tags: Microsoft Sentinel, Microsoft Entra ID
asked 2023-02-07T06:01:54.6333333+00:00
Robert D. Crane 46 Reputation points MVP
commented 2024-09-28T10:48:23.69+00:00
rm001 0 Reputation points
0 answers

Sentinel unexpected error

Hi! I have an issue with Microsoft Sentinel. Every now and then I get this "unexpected error". When this happens all connectors show as not connected, I can't run any queries nor see any logs. I still receive incidents based on some analytic…

Tags: Microsoft Sentinel
asked 2024-09-26T06:28:42.5+00:00
Sebastian Enström 0 Reputation points
commented 2024-09-27T08:57:36.4066667+00:00
Clive Watson 6,436 Reputation points MVP
1 answer

Which table should I use to pull log ingestion numbers for Computers?

Hello everyone, I have been tasked by a client to create a query to get the total monthly log ingestion from a group of Computers using a Watchlist. My first thought was to use the Usage table, join that with the Watchlist and then get the log ingestion…

Tags: Microsoft Sentinel
asked 2024-09-09T20:19:33.94+00:00
Matthew Agosta 0 Reputation points
commented 2024-09-26T20:37:33.3766667+00:00
James Hamil 24,661 Reputation points Microsoft Employee
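An added example, not from the question or its answer. The Usage table is aggregated per data type and solution and carries no Computer column, so it cannot be joined to a per-machine watchlist. Per-computer volume comes from the `_BilledSize` column that every billable table carries; the query below unions the agent-fed tables that have a `Computer` column, restricts them to the computers in the watchlist, and sums billed bytes for the current calendar month per computer and table. The watchlist name `ServerInventory`, the assumption that its SearchKey holds the hostname exactly as it appears in `Computer`, and the list of tables are all assumptions; adjust them to what your agents actually collect.

```kql
// Current-month billed ingestion per computer, for computers in a watchlist.
// Assumptions (added example): watchlist name, SearchKey == Computer, and the table list.
let Watched = _GetWatchlist('ServerInventory')
    | project Computer = tostring(SearchKey);
union withsource = SourceTable
    Syslog, SecurityEvent, Event, WindowsEvent, Perf, CommonSecurityLog
| where TimeGenerated >= startofmonth(now())
| where Computer in (Watched)
// _BilledSize is bytes after ingestion-time processing; it is what the bill is based on
| summarize BilledMB = round(sum(_BilledSize) / 1048576.0, 2) by Computer, SourceTable
| order by BilledMB desc
```

Free data types such as Heartbeat carry `_BilledSize` of zero, so leaving them out of the union changes nothing. A month of raw rows over many tables is a heavy query; if it times out, summarize per day into a saved query or a summary rule and sum the daily totals instead.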
1 answer

Error giving permission to Logic Apps from Microsoft Sentinel

I'm having trouble setting up email and SMS alerts with Sentinel due to issues with Logic Apps permissions. I've tried assigning Contributor access to the relevant Logic App, but when I give permission through Manage Playbook Permissions, I get the…

Tags: Azure Logic Apps, Microsoft Sentinel
asked 2024-09-20T20:37:16.02+00:00
Lakshan Sameera 0 Reputation points
answered 2024-09-24T19:25:58.5933333+00:00
Pauline Mbabu 405 Reputation points Microsoft Employee
0 answers

Update to Python 3.11 got SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))

Hi, after we updated our Sentinel data connector (implemented in an Azure Function) to use Python 3.11 instead of 3.10, we got an SSL error from urllib3 when making API calls: SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify…

Tags: Azure Functions (an Azure service that provides an event-driven serverless compute platform; 4,990 questions), Microsoft Sentinel
asked 2024-09-24T17:10:13.2266667+00:00
Xiuyang Bobby Sun 65 Reputation points
commented 2024-09-24T17:42:00.14+00:00
Xiuyang Bobby Sun 65 Reputation points