1,000 questions with Microsoft Sentinel tags

1 answer One of the answers was accepted by the question author.

GitHub 500 internal server error

I'm attempting to install analytics via a GitHub repository and when I get to the authorize step I get the following error. Operation name: Listrepositories Time stamp: Wed Aug 31 2022 08:32:50 GMT-0400 (Eastern Daylight Time) Event…

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,000 questions
asked 2022-08-31T13:30:41.877+00:00
George Zerphey 131 Reputation points
accepted 2022-08-31T19:11:34.137+00:00
George Zerphey 131 Reputation points
1 answer

Microsoft Azure Down

Hi there, is Microsoft Azure down all over the region? https://status.azure.com/en-us/status May we know the root cause and the estimated timeline to recover? Thanks

Microsoft Sentinel
asked 2022-08-30T12:26:48.47+00:00
Nafila Afrin 111 Reputation points
answered 2022-08-30T12:51:32.63+00:00
Nadav Ben Haim 496 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

Deploying and managing Sentinel out-of-box content as code

Hello, Could anyone chime in with their approach to automating the deployment and management of Sentinel out-of-box content as code? Posted in January 2020 there is the Microsoft Sentinel Blog post by Javier Soriano, describing a community…

Microsoft Sentinel
asked 2022-08-15T14:38:12.44+00:00
kkoole 21 Reputation points
accepted 2022-08-30T08:31:49.677+00:00
kkoole 21 Reputation points
2 answers

Questions about Microsoft Sentinel UEBA users

Do users have to be members of Azure Active Directory when using the Microsoft Sentinel UEBA feature? Can I use the logs of users of my other applications and related login information for UEBA analysis? If so, how should I transfer my users to Microsoft…

Microsoft Sentinel
asked 2022-08-24T09:22:51.743+00:00
Dy_fighting 1 Reputation point
answered 2022-08-26T10:53:30.83+00:00
Clive Watson 5,721 Reputation points MVP
1 answer

Is CEF connector with custom log file possible?

Hello, I am trying to configure the CEF connector using a Linux VM as log forwarder. I am getting a folder of syslog in the connected Log Analytics workspace instead of "CommonSecurityEvent". I am getting the data in that syslog table now…

Microsoft Sentinel
asked 2022-08-25T13:18:32.077+00:00
Jayesh Prajapati 1 Reputation point
commented 2022-08-26T05:55:47.01+00:00
Jayesh Prajapati 1 Reputation point
2 answers

WSUS: MS Office patches are not installing

Using WSUS, MS Office patches are not installing for some endpoint systems; the OS is Windows 10 21H2. The remaining security and all other patches are deployed. Can you help me with what the issue is?

Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,263 questions
Microsoft Sentinel
asked 2022-08-18T06:26:28.147+00:00
Aniket Subhash Pardeshi 1 Reputation point
commented 2022-08-25T09:00:43.533+00:00
Amandayou-MSFT 11,051 Reputation points
2 answers

Azure Sentinel - Cisco ASA Parser

Hi there, we have onboarded Cisco ASA logs into Sentinel using a plain syslog server. Is there a way to onboard it via a CEF syslog server, or is there any parser available for Cisco ASA logs? The log format is linked below …

Microsoft Sentinel
asked 2022-08-23T02:27:55.88+00:00
Nafila Afrin 111 Reputation points
answered 2022-08-24T03:19:56.217+00:00
David Broggy 5,686 Reputation points MVP
1 answer

Log Analytics Agent for Linux fails to disable synchronization with "OMS_MetaConfigHelper.py --disable"

I have a Ubuntu 20.04.3 LTS server I configured to be a CEF log forwarder to Microsoft Sentinel for Cisco ASA(s). After installing the agent I tried to run the command to disable syslog from duplicating messages to Sentinel as noted in…

Microsoft Sentinel
asked 2022-01-28T21:36:51.397+00:00
AzureJoel 1 Reputation point
commented 2022-08-23T04:53:40.137+00:00
William Shead 1 Reputation point
1 answer One of the answers was accepted by the question author.

Azure Sentinel Workbooks (Dashboard) - distinct when chosen from the drop down

Hi team, I am preparing a dashboard that is built from 2 filters: the name of the application and the name of the user. Is there a way to make it so when I select a user it will "distinct" all the applications related to that user? …

Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,798 questions
Microsoft Sentinel
asked 2022-08-22T07:41:09.063+00:00
Alon Keilin 141 Reputation points
accepted 2022-08-22T09:00:41.017+00:00
Alon Keilin 141 Reputation points
0 answers

Restore Purged MailRe

Can we restore purged mails which were purged using the command get-compliancesearchaction? I have soft deleted the mails. Please let me know if we can restore those mails.

Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
625 questions
Microsoft Sentinel
asked 2022-08-20T08:39:00.53+00:00
Preeti Rani 1 Reputation point
1 answer One of the answers was accepted by the question author.

Network device discovery and vulnerability management: Supported OS

Hello, I would like to know if Microsoft Defender Vulnerability Management can discover Fortinet firewalls and scan associated vulns? https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-devices?view=o365-worldwide …

Microsoft Sentinel
asked 2022-08-02T13:46:38.603+00:00
ESSID 21 Reputation points
accepted 2022-08-18T07:09:01.223+00:00
ESSID 21 Reputation points
2 answers

Join Sentinel Entity JSON in Logic App

Sentinel alert Entity output in Logic App is in the below format [ { "$id": "3", "Name": "randamuser1", "Type": "account" }, { "$id": "4", …

Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,896 questions
Microsoft Sentinel
asked 2022-08-14T05:42:36.047+00:00
Karthick G 101 Reputation points
answered 2022-08-18T04:54:50.56+00:00
MayankBargali-MSFT 69,421 Reputation points
1 answer

Azure Service Health - Data in Microsoft Sentinel for SOC Service providers

Intro: baseVISION provides SOC Services for customers. In the role of SOC provider, we should receive alerts if any Azure Services fail with regard to Security. We had to check every individual customer tenant for the following issue instead of…

Microsoft Sentinel
asked 2022-06-27T14:49:05.577+00:00
Jürg Meier 6 Reputation points
answered 2022-08-17T16:09:47.443+00:00
Clive Watson 5,721 Reputation points MVP
3 answers

invoking | summarize d= make_set(DeviceId) returning null values from API. If I convert make_set to tostring then results are appearing. | summarize d= tostring(make_set(DeviceId)) but the d is becoming string.

API details: https://api-eu.securitycenter.windows.com/api/advancedqueries/run KQL invoking | summarize d= make_set(DeviceId) returning null values from API. If I convert make_set to tostring then results are appearing. | summarize d=…

Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets. Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,779 questions
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,212 questions
Microsoft Sentinel
asked 2022-08-04T06:47:40.5+00:00
Balaji Thambisetty 1 Reputation point
answered 2022-08-17T09:50:56.257+00:00
Ian Xue (Shanghai Wicresoft Co., Ltd.) 31,091 Reputation points Microsoft Vendor
1 answer One of the answers was accepted by the question author.

Sentinel Analytics Query Time Generated filter

Hi, when a Sentinel custom analytics query is built, do we need to mention the TimeGenerated filter in the query? E.g.: if I am writing a custom analytics rule to run the query every 1 hour and look for data for the last 1 hour, do I still need to mention Time…

Microsoft Sentinel
asked 2022-07-29T06:47:45.77+00:00
Karthick G 101 Reputation points
accepted 2022-08-14T05:44:28.613+00:00
Karthick G 101 Reputation points
1 answer

While packaging a solution in Azure Sentinel I am facing an error called InvalidOperation.

I want to publish one solution on Sentinel and am following the official document, README.md. Here, while packaging that solution, I am facing one error in between, which is: getting this error while generating the playbook template. Can anyone please…

Microsoft 365 Publishing
Microsoft 365: Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line. Publishing: The process of preparing, producing, and releasing content for distribution or sale.
599 questions
Microsoft Sentinel
asked 2022-07-25T13:21:06.017+00:00
Bharvi Bhut 181 Reputation points
answered 2022-08-12T09:57:55.757+00:00
Humberto Marinho 1 Reputation point
1 answer

I am not able to schedule the AZ-104 exam

Hi, my 104 certificate has expired and I want to take the exam again. But I am getting the below error while scheduling the exam. 50080: Our records indicate that you have already taken this exam. You can only retake this exam if you previously…

Microsoft Sentinel
asked 2022-07-27T14:27:10.517+00:00
Rohit 1 Reputation point
answered 2022-08-12T02:57:47.097+00:00
Humberto Marinho 1 Reputation point
2 answers One of the answers was accepted by the question author.

KQL Query to verify diagnostic logs

Hello folks, if I set a diagnostic setting, for example on a storage account, how can I verify the log is coming to Sentinel in the last few minutes or hours? Usually we use Azure Diagnostics and Azure Activity and then pipe them to build a single query, but I…

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,858 questions
Microsoft Sentinel
asked 2022-08-10T00:10:10.273+00:00
Mohammed Altamash Khan 2,081 Reputation points
accepted 2022-08-10T17:49:26.267+00:00
Mohammed Altamash Khan 2,081 Reputation points
2 answers

Parsing multiline data in Sentinel

Hi, we are getting data into Log Analytics in the following format: one raw log has multiple lines in the log file, and they repeat for each operation performed in the same log file. Reverse date time = 487930544 Sequence number = 2147488705 …

Microsoft Sentinel
asked 2022-08-08T06:38:27.657+00:00
Gaurav Ramteke 1 Reputation point
commented 2022-08-09T05:47:04.883+00:00
GauravRamteke 1 Reputation point
0 answers

Why is some of the column data not posted to the Log Analytics workspace, though it is showing in the logs of the Azure Function App?

I have created a timer trigger function app that is ingesting data into an Azure Log Analytics Workspace. While ingesting data I have printed the logs, and they show the data that will be pushed to the Log Analytics workspace; the log is in the image below. …

Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,365 questions
Microsoft Sentinel
asked 2022-08-02T07:24:42.927+00:00
Rushit Ajudiya 146 Reputation points
commented 2022-08-09T03:59:05.64+00:00
MayankBargali-MSFT 69,421 Reputation points