GitHub 500 internal server error
I'm attempting to install analytics via a GitHub repository and when I get to the authorize step I get the following error. Operation name: Listrepositories Time stamp: Wed Aug 31 2022 08:32:50 GMT-0400 (Eastern Daylight Time) Event…
Microsoft Azure Down
Hi there, is Microsoft Azure down all over the region? https://status.azure.com/en-us/status May we know the root cause and the estimated timeline to recover? Thanks
Deploying and managing Sentinel out-of-box content as code
Hello, Could anyone chime in with their approach to automating the deployment and management of Sentinel out-of-box content as code? Posted in January 2020 there is the Microsoft Sentinel Blog post by Javier Soriano, describing a community…
Questions about Microsoft Sentinel UEBA users
Do users have to be members of Azure Active Directory when using the Microsoft Sentinel UEBA feature? Can I use the logs of users of my other applications and related login information for UEBA analysis? If so, how should I transfer my users to Microsoft…
Is CEF connector with custom log file possible?
Hello, I am trying to configure the CEF connector using a Linux VM as a log forwarder. I am getting a folder of syslog in the connected Log Analytics workspace instead of "CommonSecurityEvent". I am getting the data in that Syslog table now…
WSUS: MS Office patches are not installed
Using WSUS, MS Office patches are not installed for some endpoint systems; the OS is Windows 10 21H2. The remaining security and all other patches are deployed. Can anyone help me with what the issue is?
Azure Sentinel - Cisco ASA Parser
Hi there, we have onboarded Cisco ASA logs into Sentinel using a plain syslog server. Is there a way to onboard it via a CEF syslog server, or is there any parser available for Cisco ASA logs? The log format is linked below …
Log Analytics Agent for Linux fails to disable synchronization with "OMS_MetaConfigHelper.py --disable"
I have an Ubuntu 20.04.3 LTS server I configured to be a CEF log forwarder to Microsoft Sentinel for Cisco ASA(s). After installing the agent I tried to run the command to disable syslog from duplicating messages to Sentinel as noted in…
Azure Sentinel Workbooks (Dashboard) - distinct when chosen from the drop-down
Hi team, I am preparing a dashboard that is built from 2 filters: the name of the application and the name of the user. Is there a way to make it so that when I select a user it will "distinct" all the applications related to that user? …
Restore Purged MailRe
Can we restore purged mails which were purged using the command get-compliancesearchaction? I have soft-deleted the mails. Please let me know whether we can restore those mails.
Network device discovery and vulnerability management: Supported OS
Hello, I would like to know if Microsoft Defender Vulnerability Management can discover Fortinet firewalls and scan associated vulns? https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-devices?view=o365-worldwide …
Join Sentinel Entity JSON in Logic App
The Sentinel alert entity output in Logic App is in the format below: [ { "$id": "3", "Name": "randamuser1", "Type": "account" }, { "$id": "4", …
Azure Service Health - Data in Microsoft Sentinel for SOC Service providers
Intro: baseVISION provides SOC services for customers. In the role of SOC provider, we should receive alerts if any Azure service fails with regard to security. We had to check every individual customer tenant for the following issue instead of…
Invoking | summarize d= make_set(DeviceId) returns null values from the API. If I convert make_set to tostring then results appear: | summarize d= tostring(make_set(DeviceId)), but d becomes a string.
API details: https://api-eu.securitycenter.windows.com/api/advancedqueries/run KQL: invoking | summarize d= make_set(DeviceId) returns null values from the API. If I convert make_set to tostring then results appear. | summarize d=…
Sentinel Analytics Query Time Generated filter
Hi, when a Sentinel custom analytics query is built, do we need to mention the time generated filter in the query? E.g.: if I am writing a custom analytics rule to run the query every 1 hour and look for data for the last 1 hour, do I still need to mention Time…
While packaging a solution in Azure Sentinel I am facing an error called InvalidOperation.
I want to publish one solution on Sentinel and am following the official document, README.md. While packaging that solution I am facing one error in between, which is: I get this error while generating the playbook template. Can anyone please…
I am not able to schedule the AZ-104 exam
Hi, my AZ-104 certificate is expired and I want to take the exam again. But I am getting the below error while scheduling the exam. 50080: Our records indicate that you have already taken this exam. You can only retake this exam if you previously…
KQL Query to verify diagnostic logs
Hello folks, if I set a diagnostic setting, for example on a storage account, how can I verify the log is coming to Sentinel in the last few minutes or hours? Usually we use Azure diagnostic and Azure activity and then pipe them to build a single query, but I…
Parsing multiline data in Sentinel
Hi, we are getting data into Log Analytics in the following format: one raw log has multiple lines in the log file, and they repeat for each operation performed in the same log file. Reverse date time = 487930544 Sequence number = 2147488705 …
Why is some of the column data not posted to the Log Analytics workspace though it is showing in the logs of the Azure Function App?
I have created a timer trigger function app that is ingesting data into an Azure Log Analytics workspace. While ingesting data I have printed the logs, and they show the data that will be pushed to the Log Analytics workspace; the log is in the image below. …