Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
974 questions
1 answer
I need guide to configure Solaris v10 devices to forward logs to Azure Sentinel
I need guide to configure Solaris v10 devices to forward logs to Azure Sentinel. Can someone please help me with steps\document.
asked 2021-09-10T10:52:29.587+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Singh, Sushmita[Non-Employee]
6
Reputation points
commented 2024-04-10T07:27:26.46+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 20%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAY%3C/text%3E%3C/svg%3E)
adewale Yusuf
0
Reputation points
3 answers
Content Hub is missing Solutions
Hello, In the content hub I am only seeing 34 solutions. 24 hours ago I was able to see over 200 solutions. I have Azure Activity data connector installed and configured but in the content hub it says I have 0 installed. When I try to search for a…
asked 2024-04-04T17:37:32.05+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 84%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOF%3C/text%3E%3C/svg%3E)
Owen Finn
0
Reputation points
commented 2024-04-10T07:07:05.9933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Shweta Mathur
27,301
Reputation points Microsoft Employee
1 answer
ADX cost estimation
I want to prepare an estimate for ADX with 2TB monthly data.. I checked this link "https://dataexplorer.azure.com/AzureDataExplorerCostEstimator.html " . What should I put in for the field "Estimated Data Compression (x times)" …
asked 2022-02-25T11:04:46.533+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 96%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Soumya Banerjee
126
Reputation points
commented 2024-04-09T11:27:08.96+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 14.000000000000002%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
Kaspar Kwok
0
Reputation points
1 answer
Error Whille setting up SMTP Email V3 connection
Hi Team, I am configuring SMTP connection and getting below error Failed to create connection: { "error": { "code": 502, "source": "logic-apis-easteurope.azure-apim.net", "clientRequestId": "",…
asked 2024-04-05T11:33:16.4333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 39%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
Disha Bodade
45
Reputation points
edited an answer 2024-04-08T23:21:12.0966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT
33,801
Reputation points Microsoft Employee
1 answer
Bulk delete Sentinel Threat Intelligence
I used Workspace Purge Rest API to bulk delete Sentinel threat intelligence. I used the api to remove intelligence from 'ThreatIntelligenceIndicator' table on sentinel but this did not end up deleting them from Sentinel threat intelligence (under Threat…
asked 2024-04-04T15:08:19.5+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 10%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Anchal Singh
0
Reputation points
commented 2024-04-08T12:47:40.98+00:00
Shweta Mathur
27,301
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Microsoft sentinel - Data connector shows disconnected after installing
We recently activated Sentinel to give it a trial run. I set up a separate workspace for Sentinel and installed some data connectors. However, the WAF is still showing as disconnected even after installing and configuring it. We've only got WAF, not…
asked 2024-04-03T09:28:25.2866667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 28.999999999999996%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
Someiah C S
60
Reputation points
accepted 2024-04-04T11:19:43.0166667+00:00
Someiah C S
60
Reputation points
2 answers
Microsoft Sentinel Threat Indicators API - nextLink returns same page
Hello, I have an issue where the nextLink is always returning the first page of the Threat Indicators in Sentinel. I'm using the following API-Uri to retrieve all Threat Indicators in a Sentinel Workspace…
asked 2024-03-23T21:12:01.4666667+00:00
Benedict Schmieder
0
Reputation points
answered 2024-04-03T11:27:05.8933333+00:00
Benedict Schmieder
0
Reputation points
0 answers
Query set to run in my Logic App is timing out and failing
Hello everyone. I am trouble shooting an issue with my Logic App in which after an incident triggers, the next step is to run the query and list the results, but this part of the Logic App is what is timing out and failing. When reading the timeout…
asked 2024-03-21T13:17:52.54+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 62%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Matthew Agosta
0
Reputation points
edited a comment 2024-04-03T09:27:33.3133333+00:00
Clive Watson
5,711
Reputation points MVP
1 answer
Fortinet Playbook Deployment
Hello, Has anyone managed to create the three playbooks that are part of the solution for Fortinet without issues? I am having several issues with all of…
asked 2024-03-15T13:12:51.48+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 20%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERW%3C/text%3E%3C/svg%3E)
rob wood
41
Reputation points
commented 2024-04-01T17:26:19.3566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT
27,566
Reputation points Microsoft Employee
1 answer
Adding tenable.io connector to Microsoft Sentinel
I am trying to connect tenable io connector to my Sentinel instance. I have followed the steps and provided the access key and other information requested. I can see in my resource group that everything was successfully deployed with app insight and…
asked 2024-03-09T15:00:27.28+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 51%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETO%3C/text%3E%3C/svg%3E)
Taiwo Oyewo
21
Reputation points
commented 2024-04-01T12:08:40.56+00:00
Givary-MSFT
27,566
Reputation points Microsoft Employee
1 answer
Can't get my app to show up on Sentinel Content Hub
Hello, I am new to the partner portal. We've submitted our app to the partner portal and its been fully published. However, when I search for it in the Content Hub under Sentinel, I cannot find it. How do I get it so that my app shows up? We've…
asked 2024-03-11T17:30:04.44+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 99%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDW%3C/text%3E%3C/svg%3E)
Dan White
0
Reputation points
commented 2024-04-01T12:05:48.5066667+00:00
Givary-MSFT
27,566
Reputation points Microsoft Employee
1 answer
When an alert is generated in XDR and then synced to Sentinel
When an alert is generated in XDR and then synced to Sentinel, is it possible to measure the time it takes for the alert to be synced? Is there a query that can be used to measure this time in minutes?
asked 2024-03-28T11:16:13.39+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 87%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
Koonnamchok Klongkaew
140
Reputation points
commented 2024-04-01T09:41:38.8633333+00:00
Shweta Mathur
27,301
Reputation points Microsoft Employee
1 answer
Sentinel Services on Azure Portal Showing Non-Sentinel Enabled Workspaces as Well
I have two Log analytics Workspaces, only one with Sentinel enabled, but both the workspaces are shown on Sentinel page on Azure portal, which makes it confusing. Is this default behaviour or can be switched off?
asked 2024-03-25T05:30:32.03+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 93%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGG%3C/text%3E%3C/svg%3E)
Gorav Gandhi
1
Reputation point
commented 2024-04-01T08:01:02.1766667+00:00
Shweta Mathur
27,301
Reputation points Microsoft Employee
1 answer
Cisco FTD data connector
Hello, I have a customer that is configuring the CISCO FTD data connector. But they say CISCO FTD documentation shows it support only syslog format. They would like some clarification on the following questions: I. Clarify whether Cisco FTD supports…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 24%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
2 answers
One of the answers was accepted by the question author.
Data ingestion for Specific data/ specific time period data in table.
In azure sentinel I can calculate data ingestion for whole table but is there any way through which I can calculate specific size of data. Ex : In azure table how much data ingested in last 1 hour. Something like Search criteria & then…
asked 2024-03-28T08:22:59+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 23%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E9%3C/text%3E%3C/svg%3E)
94554605
40
Reputation points
commented 2024-03-29T07:02:40.4733333+00:00
Givary-MSFT
27,566
Reputation points Microsoft Employee
2 answers
Customer is migrating Azure from CSP to MCA and they wanted to understand what configurations need to do to the subscription to ensure smooth transition
Customer is migrating Azure from CSP to MCA and they wanted to understand what configurations need to do to the subscription to ensure smooth transition. Also, want to check if there is any impact on tenant, subscription and Log analytical workspace…
asked 2023-05-26T07:23:04.3633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 72%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPT%3C/text%3E%3C/svg%3E)
Parshuram Tularam Kushwah
0
Reputation points
commented 2024-03-28T14:56:41.7666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 10%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJV%3C/text%3E%3C/svg%3E)
Justin Venter
80
Reputation points Microsoft Employee
4 answers
Fortinet Connector or CEF AMA Connector? - Sentinel
Hello, Client has Fortinet connector but is having to filter logging so that the log ingestion is not massively costly. I'm sure we could achieve better results using the CEF AMA connector to filter out the security logs from syslog but not sure what to…
asked 2024-02-29T15:03:56.91+00:00
rob wood
41
Reputation points
answered 2024-03-26T19:39:38.2066667+00:00
Marilee Turscak-MSFT
33,801
Reputation points Microsoft Employee
1 answer
How to optimize amount of data sent via LogsIngestionClient.upload operation
Hi, I am using logs ingestion client in python to upload data. My usecase is to read messages off of aws sqs and build payloads that can be sent via LogsIngestionClient client. I built a simple timer trigger function app that reads aws sqs for new…
asked 2024-03-26T01:19:20.7733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 88%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Ashwin Venkatesha
60
Reputation points
edited the question 2024-03-26T17:51:42.98+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 43%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Monalla-MSFT
11,551
Reputation points
2 answers
One of the answers was accepted by the question author.
Retention log
Hi all, I would like to know some information about the Sentinel log ingestion pricing. My goal is to increase this period to 1 year. What I read is the possibility not to ingest that log (saving money) but to use the archived period to store these…
asked 2024-03-12T14:29:02.9133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 85%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERD%3C/text%3E%3C/svg%3E)
Roberto D'Andrea
20
Reputation points
accepted 2024-03-22T08:26:42.8233333+00:00
Roberto D'Andrea
20
Reputation points
1 answer
Syslog via Legacy Agent Microsoft Sentinel
We have an Ubuntu Azure VM for our log collector for Sentinel. We have had some issues with the syslog via legacy agent as of late, but those have been resolved. (Yes I know this connector is going away, but for now I want it working). We send logs…
asked 2024-03-20T14:27:59.3366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 85%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
jreece22
0
Reputation points
answered 2024-03-22T07:22:44.7266667+00:00
Akshay-MSFT
16,026
Reputation points Microsoft Employee