How can I log prompt inputs to Azure OpenAI to enable full-prompt logging in Log Analytics?
My goal is to use Azure Monitor to log and monitor full text prompt inputs to the Azure OpenAI service. Is this possible and if so, how can we configure / enable the ability to log prompt inputs to the Azure OpenAI service? I already have a Log Analytics…


Which are the possible values for "IsClickedThrough"?
Which are the possible results for "IsClickedThrough" in "UrlClickEvents" table and their meaning? Thanks!


Can we test ASIM parser locally, with all published vendor data?
We are making ASIM parsers for different kinds of schemas. At the end we want to test whether it is reflected in the Global ASIM Parser for a particular schema or not. Is there any way to test that ASIM parser after adding it in the union?


Sentinel Repo Fails to deploy
Able to authorize and start the addition of the repo. Keep getting this error for 2 of 4 deployments. Not sure which table this is referring to. Or where 'productFilter' is coming from. Just trying to get the Repo initially set up. Status Message: Failed…


MS Sentinel: How to easily find associated queries when deleting a watchlist.
Hello, When trying to delete a watchlist from my workspace, a message pops up telling me to make sure I don't break any related query. Is there a non-manual and easy way to find a watchlist's related queries? I can't find anything on the…


{"error":{"code":"BadRequest","message":"{\"error\":{\"code\":\"BadRequest\",\"message\":\"Failed to map from region to geo. Region:'southindia'\"}}"}}
I have created a Microsoft Sentinel workspace; while creating analytics rules, the below error…


Failed to map from region to geo
Hi, what can be the fix for {"error":{"code":"BadRequest","message":"{"error":{"code":"BadRequest","message":"Failed to map from region to geo.…


How do I integrate Azure Monitor and Azure Sentinel
We use Azure monitor for alerting, and send diagnostic information there as well. We're going to implement Azure Sentinel and Defender for Cloud. For Defender for Cloud, it appears as if we have to already have a log analytics workspace created and…


Constraints when using Microsoft Defender for Cloud and Azure Sentinel and Azure Arc against on-premises outside of Azure
I would like to use Microsoft Defender for Cloud and Azure Sentinel and Azure Arc to protect on-premises servers that exist outside of Azure. Microsoft Defender for Cloud and Azure Sentinel and Azure Arc features fall into which of the following…


Microsoft Sentinel and log forwarder limitations
We are working with a customer case related to Sentinel and there are a couple of concerns related to log forwarder servers (when collecting syslog or CEF from devices like firewalls): Customer requires that solution must ensure event data collection even…


Notable Events in Sentinel across all tables
Hi Everyone, We are tasked to prepare a dashboard showing total events and total notable events from Sentinel. While getting total number of events is fairly simple with a query to number of events in each table for selected time frame, we are…


Connectors are not connected to Microsoft Azure Activity and Threat Intelligence - TAXII Microsoft
In Azure Sentinel, connectors are not connected to Microsoft Azure Activity and Threat Intelligence - TAXII Microsoft


Sentinel’s JIRA playbook: is it only for cloud instances or also on-premise?
Hello, I read this documentation: https://learn.microsoft.com/en-us/connectors/jira/?source=docs and it is not mentioned if it works only for cloud or if on-premise instances are also supported. On my side, I tried it with my on-premise…


Question regarding Azure Sentinel Security Logs
Hi All, We are using Azure Policy to install AMA and assign a data collection rule. The Log Analytics workspace is linked to Sentinel. Now, to collect Windows security logs via the Sentinel connector "Windows Security Events via AMA", do we have…


Azure Sentinel integration with Salesforce Service Cloud.
Where and how to start integrating Sentinel with Service Cloud?


In which folder will the Monitor Alert Rule fall in the Azure-Sentinel GitHub repository?
Hello, I have created a Monitor Alert Rule which is used to alert me when my function app fails. Monitor Alert Rule Image: And also I have created an ARM and YAML template for it. So I am very confused about where I should put my Monitor Alert Rule…


tabular value converted to scalar doesn't work in subsequent calculation
Hi, I am trying to do a percentage of total count per Event ID in the Security Event Table. My query is as follows: let totalevents = toscalar(SecurityEvent | summarize count()); SecurityEvent | summarize count() by EventID | extend total=totalevents |…


What is the difference between the filtering parser and parameter-less parser in ASIM parsers?
Hello, I am developing an ASIM parser and following the steps from https://learn.microsoft.com/en-us/azure/sentinel/normalization-develop-parsers#custom-parser-development-process and in those steps there are two parsers a filtering parser and a…


Getting error: "has_any(): failed to cast argument 2 to scalar constant" even though the "argument 2" is dynamic/array.
In the KQL below, I am getting the error: "has_any(): failed to cast argument 2 to scalar constant" even though the "argument 2" (i.e., disabledAccountSet) is dynamic/array. Source of the KQL: Sign-ins from IPs that attempt sign-ins…


Microsoft Sentinel - Caller does not have permissions when deploying automation rule through repositories
I am having trouble deploying an automation rule which calls on a playbook, through an Azure DevOps repository to Microsoft Sentinel. When attempting to deploy the automation rule, I get the error: [Warning] Failed to deploy…

