I need a guide to configure Solaris v10 devices to forward logs to Azure Sentinel
I need a guide to configure Solaris v10 devices to forward logs to Azure Sentinel. Can someone please help me with steps/documentation?
Content Hub is missing Solutions
Hello, in the Content Hub I am only seeing 34 solutions. 24 hours ago I was able to see over 200 solutions. I have the Azure Activity data connector installed and configured, but in the Content Hub it says I have 0 installed. When I try to search for a…
ADX cost estimation
I want to prepare an estimate for ADX with 2TB of monthly data. I checked this link: "https://dataexplorer.azure.com/AzureDataExplorerCostEstimator.html". What should I put in for the field "Estimated Data Compression (x times)"…
Error while setting up SMTP Email V3 connection
Hi Team, I am configuring an SMTP connection and getting the below error: Failed to create connection: { "error": { "code": 502, "source": "logic-apis-easteurope.azure-apim.net", "clientRequestId": "",…
Bulk delete Sentinel Threat Intelligence
I used the Workspace Purge REST API to bulk delete Sentinel threat intelligence. I used the API to remove intelligence from the 'ThreatIntelligenceIndicator' table in Sentinel, but this did not end up deleting them from Sentinel threat intelligence (under Threat…
Microsoft Sentinel - Data connector shows disconnected after installing
We recently activated Sentinel to give it a trial run. I set up a separate workspace for Sentinel and installed some data connectors. However, the WAF is still showing as disconnected even after installing and configuring it. We've only got WAF, not…
Microsoft Sentinel Threat Indicators API - nextLink returns same page
Hello, I have an issue where the nextLink always returns the first page of the Threat Indicators in Sentinel. I'm using the following API URI to retrieve all Threat Indicators in a Sentinel workspace…
Query set to run in my Logic App is timing out and failing
Hello everyone. I am troubleshooting an issue with my Logic App in which, after an incident triggers, the next step is to run the query and list the results, but this part of the Logic App is what is timing out and failing. When reading the timeout…
Fortinet Playbook Deployment
Hello, Has anyone managed to create the three playbooks that are part of the solution for Fortinet without issues? I am having several issues with all of…
Adding Tenable.io connector to Microsoft Sentinel
I am trying to connect the Tenable.io connector to my Sentinel instance. I have followed the steps and provided the access key and other information requested. I can see in my resource group that everything was successfully deployed, with App Insights and…
Can't get my app to show up on Sentinel Content Hub
Hello, I am new to the partner portal. We've submitted our app to the partner portal and it's been fully published. However, when I search for it in the Content Hub under Sentinel, I cannot find it. How do I get my app to show up? We've…
When an alert is generated in XDR and then synced to Sentinel
When an alert is generated in XDR and then synced to Sentinel, is it possible to measure the time it takes for the alert to be synced? Is there a query that can be used to measure this time in minutes?
Sentinel Services on Azure Portal Showing Non-Sentinel Enabled Workspaces as Well
I have two Log Analytics workspaces, only one with Sentinel enabled, but both workspaces are shown on the Sentinel page in the Azure portal, which makes it confusing. Is this the default behaviour, or can it be switched off?
Cisco FTD data connector
Hello, I have a customer that is configuring the Cisco FTD data connector. But they say the Cisco FTD documentation shows it supports only syslog format. They would like some clarification on the following questions: I. Clarify whether Cisco FTD supports…
Data ingestion for specific data / a specific time period in a table
In Azure Sentinel I can calculate data ingestion for a whole table, but is there any way I can calculate the size of a specific subset of data? E.g.: in an Azure table, how much data was ingested in the last 1 hour. Something like search criteria & then…
Customer is migrating Azure from CSP to MCA and wants to understand what configuration needs to be done to the subscription to ensure a smooth transition
Customer is migrating Azure from CSP to MCA and wants to understand what configuration needs to be done to the subscription to ensure a smooth transition. Also, they want to check if there is any impact on the tenant, subscription and Log Analytics workspace…
Fortinet Connector or CEF AMA Connector? - Sentinel
Hello, a client has the Fortinet connector but is having to filter logging so that the log ingestion is not massively costly. I'm sure we could achieve better results using the CEF AMA connector to filter out the security logs from syslog, but I'm not sure what to…
How to optimize amount of data sent via LogsIngestionClient.upload operation
Hi, I am using the logs ingestion client in Python to upload data. My use case is to read messages off of AWS SQS and build payloads that can be sent via the LogsIngestionClient client. I built a simple timer-trigger function app that reads AWS SQS for new…
Retention log
Hi all, I would like to know some information about Sentinel log ingestion pricing. My goal is to increase this period to 1 year. What I read is that it is possible not to ingest that log (saving money) but to use the archive period to store these…
Syslog via Legacy Agent Microsoft Sentinel
We have an Ubuntu Azure VM for our log collector for Sentinel. We have had some issues with the syslog via legacy agent as of late, but those have been resolved. (Yes I know this connector is going away, but for now I want it working). We send logs…