Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
658 questions
Content
0 answers
How can I log prompt inputs to Azure OpenAI to enable full-prompt logging in Log Analytics?
My goal is use Azure Monitor to log and monitor full text prompt inputs to the Azure OpenAI service. Is this possible and if so, how can we configure / enable the ability log prompt inputs to the Azure OpenAI service? I already have a Log Analytics…
asked 2023-03-26T17:05:43.92+00:00
Sikora, Nicholas
0
Reputation points
asked 2023-03-26T17:05:43.92+00:00
Sikora, Nicholas
0
Reputation points
1 answer
Which are the possible values for "IsClickedThrough"?
Which are the possible results for "IsClickedThrough" in "UrlClickEvents" table and their meaning? Thanks!
2 answers
Can we test ASIM parser Locally, with all published vendor data?
We are making ASIM parsers for diff. kind of schemas At the end we want to test that is it reflecting in Global ASIM Parser for particular schema or not. Is there any way to test That ASIM parser after adding it in union?
asked 2022-09-16T12:50:25+00:00
Jayesh Prajapati
1
Reputation point
answered 2023-03-25T21:32:09.26+00:00
Sedat SALMAN
335
Reputation points
0 answers
Sentinel Repo Fails to deploy
Able to authorize and start the addition of the repo. Keep getting this error for 2 of 4 deployments. Not sure which table this is referring to. Or where 'productFilter' is coming from. Just trying to get the Repo initially set up. Status Message: Failed…
asked 2023-03-20T20:13:46.67+00:00
DWilliams-9263
0
Reputation points
commented 2023-03-24T21:10:04.2066667+00:00
CJ Tarbox
0
Reputation points
2 answers
MS Sentinel: How to easily find associated queries when deleting a watchlist.
Hello, When trying to delete a watchlist from my workspace, a message pops up telling me to make sure I don't break any related query. Is there a non-manual and easy way to find a watchlist's related queries? I can't find anything on the…
asked 2023-03-22T07:29:34.77+00:00
ben_loy
5
Reputation points
edited a comment 2023-03-24T18:22:52.27+00:00
JamesTran-MSFT
27,666
Reputation points Microsoft Employee
0 answers
{"error":{"code":"BadRequest","message":"{\"error\":{\"code\":\"BadRequest\",\"message\":\"Failed to map from region to geo. Region:'southindia'\"}}"}}
I have created microsoft sentinel workspace, while creating analytics rules, the below error…
asked 2023-03-23T14:07:56.27+00:00
Jitendra Pal
0
Reputation points
commented 2023-03-24T17:25:45.9233333+00:00
Marilee Turscak-MSFT
22,296
Reputation points Microsoft Employee
0 answers
Failed to map from region to geo
Hi , What can be the fix for {"error":{"code":"BadRequest","message":"{"error":{"code":"BadRequest","message":"Failed to map from region to geo.…
asked 2023-03-23T14:13:31.69+00:00
Jitendra Pal
0
Reputation points
commented 2023-03-24T17:25:25.8633333+00:00
Marilee Turscak-MSFT
22,296
Reputation points Microsoft Employee
1 answer
How do I integrate Azure Monitor and Azure Sentinel
We use Azure monitor for alerting, and send diagnostic information there as well. We're going to implement Azure Sentinel and Defender for Cloud. For Defender for Cloud, it appears as if we have to already have a log analytics workspace created and…
asked 2023-03-16T14:50:43.4933333+00:00
Richard Duane Wolford Jr
161
Reputation points
commented 2023-03-24T14:14:11.66+00:00
Richard Duane Wolford Jr
161
Reputation points
0 answers
Constraints when using Microsoft Defender for Cloud and Azure Sentinel and Azure Arc against on-premises outside of Azure
I would like to use Microsoft Defender for Cloud and Azure Sentinel and Azure Arc to protect on-premises servers that exist outside of Azure. Microsoft Defender for Cloud and Azure Sentinel and Azure Arc features fall into which of the following…
1 answer
Microsoft Sentinel and log forwarder limitations
We are working with customer case related to Sentinel and there are couple of concerns related to log forwarder servers (when collecting syslog or CEF from devices like firewalls): Customer requires that solution must ensure event data collection even…
asked 2023-03-23T13:08:30.3066667+00:00
Anttu Pekkarinen
0
Reputation points
answered 2023-03-24T07:02:41.1733333+00:00
Clive Watson
2,196
Reputation points MVP
1 answer
Notable Events in Sentinel across all tables
Hi Everyone, We are tasked to prepare a dashboard showing total events and total notable events from Sentinel. While getting total number of events is fairly simple with a query to number of events in each table for selected time frame, we are…
asked 2023-03-21T15:43:18.1433333+00:00
Jain, Shamu
0
Reputation points
edited the question 2023-03-23T22:01:20.09+00:00
JamesTran-MSFT
27,666
Reputation points Microsoft Employee
14 answers
Connectors are not connected to Microsoft Azure Activity and Threat Intelligence - TAXII Microsoft
In Azure Sentinel Connectors are not connected to Microsoft Azure Activity and Threat Intelligence - TAXII Microsoft
asked 2023-03-12T15:51:54.7166667+00:00
Sergey Smirnov
5
Reputation points
commented 2023-03-23T20:32:43.5733333+00:00
Sergey Smirnov
5
Reputation points
3 answers
Sentinel’s JIRA playbook : is it only for cloud instances or also on-premise ?
Hello, I read this documentation : https://learn.microsoft.com/en-us/connectors/jira/?source=docs and it is not mentionned if it works only for cloud or if on-premise instances are also supported. On my side, I tried it with my on-premise…
asked 2022-09-08T14:07:53.18+00:00
SMONDACK Adrien
1
Reputation point
answered 2023-03-23T18:07:24.59+00:00
Shannon Hamby
0
Reputation points
2 answers
One of the answers was accepted by the question author.
Question regarding Azure Sentinel Security Logs
Hi All, We are using azure policy to install AMA and assign data collection rule. the Log analytic workspace is linked to the sentinel. Now, to collect windows security logs via Sentinel connector "Windows Security Events via AMA", do we have…
asked 2023-03-16T17:41:29.72+00:00
Shinde, Balaji
116
Reputation points
commented 2023-03-23T12:08:31.98+00:00
Shinde, Balaji
116
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure Sentinel integration with salesforce service cloud.
Where to and How to start integrating sentinel with service cloud?
asked 2020-05-18T12:03:00.227+00:00
Ali Rahimi
21
Reputation points
commented 2023-03-23T10:57:58.7366667+00:00
David Austin
0
Reputation points
1 answer
In which folder the Monitor Alert Rule will fall in Azure-Sentinel Github Repository?
Hello, I have created a Monitor Alert Rule which is used to alert me when my function app fails. Monitor Alert Rule Image: And Also I have created an ARM and YAML template for it. So I am very confused that where should I put my Monitor Alert Rule…
asked 2023-03-16T07:08:21.4766667+00:00
52947435
126
Reputation points
commented 2023-03-22T21:46:27.9033333+00:00
JamesTran-MSFT
27,666
Reputation points Microsoft Employee
1 answer
tabular value converted to scalar doesn't work in subsequent calculation
Hi, I am trying to do a percentage of total count per Event ID in the Security Event Table. My query is as follows: let totalevents = toscalar(SecurityEvent | summarize count()); SecurityEvent | summarize count() by EventID | extend total=totalevents |…
asked 2023-03-15T23:57:17.6033333+00:00
Jeremy Hagan
0
Reputation points
commented 2023-03-21T17:57:10.1233333+00:00
JamesTran-MSFT
27,666
Reputation points Microsoft Employee
2 answers
What are the difference between the filtering parser and parameter-less parser in ASIM parsers?
Hello, I am developing an ASIM parser and following the steps from https://learn.microsoft.com/en-us/azure/sentinel/normalization-develop-parsers#custom-parser-development-process and in that steps there are two parsers a filtering parser and a…
asked 2023-03-13T10:12:48.6333333+00:00
52947435
126
Reputation points
commented 2023-03-21T17:54:23.67+00:00
JamesTran-MSFT
27,666
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Getting error: "has_any(): failed to cast argument 2 to scalar constant" even though the "argument 2" is dynamic/array.
In the KQL below, I am getting the error: "has_any(): failed to cast argument 2 to scalar constant" even though the "argument 2" (i.e., disabledAccountSet) is dynamic/array. Source of the KQL: Sign-ins from IPs that attempt sign-ins…
asked 2023-03-07T14:52:43.3133333+00:00
Prakhar Kumar
25
Reputation points
answered 2023-03-21T10:44:21.2266667+00:00
User989846-7900
1
Reputation point
2 answers
One of the answers was accepted by the question author.
Microsoft Sentinel - Caller does not have permissions when deploying automation rule through repositories
I am having trouble deploying an automation rule which calls on a playbook, through an Azure DevOps repository to Microsoft Sentinel. When attempting to deploy the automation rule, I get the error: [Warning] Failed to deploy…
asked 2023-03-16T09:41:01.9366667+00:00
Liam Jones
116
Reputation points
accepted 2023-03-21T08:32:25.7533333+00:00
Liam Jones
116
Reputation points