1,220 questions with Microsoft Sentinel tags

Sort by: Updated
0 answers

Data connector buttons are grayed out saying No permissions

cannot enable Microsoft Defender XDR connector in sentinel despite being logged in as owner of tenant, subscription and resource group. My licence is Microsoft 365 Business Premium which I see in documentation is an Microsoft XDR eligible licence

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
248 questions
asked 2025-02-13T12:41:56.3866667+00:00
gutta bachelor 0 Reputation points
1 answer

Why use Fortinet Connector instead of a Function App for registering an action group in the Fortinet-FortiGate playbook?

Hello, I am setting up the Fortinet-FortiGate playbook and noticed that for registering an action group in FortiGate, the playbook uses the Fortinet Connector instead of a Function App. Why was the Fortinet Connector chosen for this action instead of a…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-02-12T05:09:01.1633333+00:00
mara7 166 Reputation points
commented 2025-02-13T12:06:44.0866667+00:00
Raja Pothuraju 12,660 Reputation points Microsoft Vendor
2 answers

Need help with solution to deploy sentinel in US region and China region

I want to deploy sentinel in US region and China region. is it possible to send logs using DCR rules from China to workspace build in US region or do I need to build 2 workspace separately and send logs from China to US using event Hub . Incase I…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-02-10T05:52:12.9666667+00:00
sameer khandar 0 Reputation points
answered 2025-02-13T11:45:54.16+00:00
Sameer Khandar 0 Reputation points
3 answers

Problem with Microsoft Sentinel Connector

Hello, for test i have deploy sentinel 2 or 3 time and after that i delete Workpace. Now i have recreted new Workspace and when i try connect connector i recevive the following error: I have just try to find if there are other diagnostics settings but…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-02-01T09:06:59.5833333+00:00
Guido Imperatore 20 Reputation points MVP
answered 2025-02-13T11:06:33.1466667+00:00
Alex Burlachenko 1,010 Reputation points
1 answer

Issues trying to connect to MITRE ATT&CK STIX 2.1 Feed from Sentinel Threat Intelligence

Hi, I am having issues while trying to connect to the MITRE ATT&CK STIX 2.1 Feed from within Sentinel's Threat Intelligence module. I have the 'Threat Intelligence - TAXII' data connector enabled (with another TAXII server…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-02-03T04:58:21.01+00:00
WillAngus-6254 0 Reputation points
commented 2025-02-13T11:03:42.4+00:00
Raja Pothuraju 12,660 Reputation points Microsoft Vendor
1 answer

This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix.

Applied skills Name: Deploy containers by using Azure Kubernetes Service Issue: This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix.

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2024-03-24T11:56:12.4166667+00:00
pritam bhor 25 Reputation points
commented 2025-02-13T10:37:24.9133333+00:00
Philipp Moser 10 Reputation points
2 answers One of the answers was accepted by the question author.

Azure Sentinel - Query help

Dear All, I need to write query to hunt for OS Credential Dumping: NTDS. T1003.003, kindly help if you got any information

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2022-02-15T14:33:19.247+00:00
karthik palani 1,036 Reputation points
commented 2025-02-13T02:44:17.5833333+00:00
useR 0 Reputation points
2 answers

Need kql to query purview sensitive, not-encrypted, externally sent data

Hi there, I'm trying to understand if I can use kql to query the following about Purview events. Here's a 'hypothetical' kql query that works logically, but I'm struggling to create a Purview policy that matches this. I've created a 'sensitive' label,…

Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,388 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-02-06T17:19:01.5233333+00:00
David Broggy 6,101 Reputation points MVP
commented 2025-02-12T19:00:16.4033333+00:00
Oury Ba-MSFT 20,186 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

No access to DeviceTvmSoftwareVulnerabilities table in Sentinel?

There is an XDR analytic rule in Sentinel named "Execution of software vulnerable to webp buffer overflow of CVE-2023-4863" However the kql query used by this rule requires access to the DeviceTvmSoftwareVulnerabilities table. But according to…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-02-07T20:06:08.39+00:00
David Broggy 6,101 Reputation points MVP
edited a comment 2025-02-12T12:25:12.1+00:00
Jonathan James 0 Reputation points
1 answer

Inound connection identified as Outbound by Microsoft Sentinel

I have noticed that there are several outbound connections in the overview page. However, having analyzed the traffic, I realized that inbound traffic labeled as outbound traffic. Note: I have removed the destination IPs as they are…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2022-10-27T03:53:39.813+00:00
Nimantha Deshappriya 21 Reputation points
edited an answer 2025-02-11T16:30:45.8033333+00:00
Luis Arias 7,856 Reputation points
1 answer

What is the size limit of rawContent of watchlist when bundled in solution package?

We are using watchlists to upload data via csv files and using it in worksbook. As per the document, there is a size limit of 3.8MB while creating watchlist using local csv files. So, we have created csv files of size 2.5MB, using which we are able to…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-01-31T06:30:59.1833333+00:00
Nirali Shah 151 Reputation points
commented 2025-02-11T15:42:35.7733333+00:00
Raja Pothuraju 12,660 Reputation points Microsoft Vendor
1 answer

Cannot read data from Cloudflare in Azure Sentinel

I already setting logpush from Cloudflare to Azure sentinel. it only show test log only

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-02-11T01:11:01.3066667+00:00
amir rachman 0 Reputation points
answered 2025-02-11T14:05:52.92+00:00
Luis Arias 7,856 Reputation points
0 answers

Microsoft Defender for identity auto disable user account.

Hello, Recently, we are experiencing a lot of user accounts being automatically disable by Microsoft Defender for Identity when they authenticated by Exchange Online. Somehow, Defender think the user's accounts being attacked, and just disabled users…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
248 questions
asked 2025-02-06T20:10:58.3766667+00:00
brichardi 331 Reputation points
commented 2025-02-11T08:42:36.5666667+00:00
Navya 15,465 Reputation points Microsoft Vendor
1 answer

Connect data to Microsoft Sentinel using data connectors Salesforce

I need help integrating SaleForce and Wiz into my siem.

Viva Connections
Viva Connections
A Microsoft Viva module that provides a gateway to a modern engagement experience.
105 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,232 questions
asked 2025-02-10T14:57:39.59+00:00
Dunham, Jermey 0 Reputation points
edited an answer 2025-02-11T01:40:56.5733333+00:00
LiweiTian-MSFT 23,925 Reputation points Microsoft Vendor
1 answer

Microsoft public IP scanning my app services IP

We recevied an alert on defender for cloud stating vulnerability scanner detected. while checking the owner of the IP, it's MICROSOFT-CORP-MSN-AS-BLOCK and it is scanning for world press related stuffs on my azure app services. Is it some sort of intenal…

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,491 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-02-06T07:34:03.2566667+00:00
AzureGladiator 0 Reputation points
commented 2025-02-10T08:49:19.5233333+00:00
Sakshi Devkante 660 Reputation points Microsoft Vendor
1 answer

Data Connector - Api Restriction

Dear Prisma Cloud Support Team, I am experiencing an issue with the integration between Microsoft Sentinel and Prisma Cloud using the Data Connector described in your documentation (Integrating Prisma Cloud with Azure Sentinel using the Data…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-01-22T12:16:32.56+00:00
Jakub Wierzchowski 0 Reputation points
edited the question 2025-02-06T14:14:01.0533333+00:00
Raja Pothuraju 12,660 Reputation points Microsoft Vendor
1 answer

How to find out which of several authenticators was used in a sign-in?

We are using MFA with Microsoft Authenticator for user sign-ins to our tenant. Many of our users have registered more than one Microsoft Authenticator instance. Sometimes this is deliberate, in order to have a backup in case the primary smartphone is…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,232 questions
asked 2025-01-13T13:20:23.8366667+00:00
Tilman Schmidt 50 Reputation points
commented 2025-02-04T23:36:25.2333333+00:00
James Hamil 26,986 Reputation points Microsoft Employee
1 answer

Microsoft Sentinel for SAP - API based collector agent - SAP in AWS

I have deployed the Sentinel for SAP but the API based collector agent is showing incomplete installation. I have followed all the instructions and logs are flowing into SAP. Is the API Based collector agent needed for AWS installations.

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-01-29T21:49:48.6733333+00:00
DougE 0 Reputation points
commented 2025-02-04T21:23:37.2366667+00:00
Akhilesh Vallamkonda 11,755 Reputation points Microsoft Vendor
0 answers

Microsoft Sentinel: System Assigned Managed Identity can't find location

I'm trying to connect Azure Activity to Microsoft Sentinel. It requires creating a Managed Identity. When creating a System Assigned Managed Identity, a location is required but there's no location options to select. Any idea what could be causing this?…

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-01-10T15:58:49.0066667+00:00
alfalfa 20 Reputation points
commented 2025-01-30T15:07:47.2766667+00:00
Justin Hertwig 10 Reputation points
1 answer

How to send Windows logs from an on premises windows machine to Microsoft Sentinel?

Hi, I'm trying to set up Microsoft Sentinel, and I need to forward windows logs from all of our machines. I'm experimenting with the configuration on a machine running Windows 11 Pro, then plan to copy the configuration across the rest of our machines.…

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,797 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,220 questions
asked 2025-01-21T21:40:59.6366667+00:00
Colin R 0 Reputation points
commented 2025-01-29T18:48:35.72+00:00
Akhilesh Vallamkonda 11,755 Reputation points Microsoft Vendor