982 questions with Microsoft Sentinel tags

2 answers

In Logic Apps, how to pass a single backslash (\) as a string in another action?

Hello there, I am making a logic app which has one HTTP request action. Inside that HTTP body I want to pass a variable which has a string with a backslash. But when I tried, every single backslash was transformed into two backslashes. Can…

Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,852 questions
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
982 questions
asked 2022-07-14T04:33:25.483+00:00
Bharvi Bhut 181 Reputation points
answered 2022-07-15T06:45:57.917+00:00
Kamlesh Kumar 3,861 Reputation points
0 answers

Blocked download - Azure-512p-maskable.png

Only since 29th June have we observed several Sentinel Incidents across multiple users when they attempt to log in, 'Block download on Unmanaged Device', where the blocked download appears to be an Azure image file, 'Azure-512p-maskable.png'. …

Microsoft Sentinel
asked 2022-07-07T03:21:32.193+00:00
Irwin, David 1 Reputation point
commented 2022-07-11T04:10:07.263+00:00
Irwin, David 1 Reputation point
1 answer One of the answers was accepted by the question author.

How to use a Logic app or Function app to apply a PowerShell script to connect into a Fortigate firewall and apply an IP address to a blocked list.

I am using Azure Sentinel with the Fortigate firewall connector to receive CEF logs and filter whenever our firewall detects a failed "SSL-VPN-Login". I created an Analytic rule that runs the KQL query, //Query Failed VPN Logins …

Azure Logic Apps
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications. PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,378 questions
Microsoft Sentinel
asked 2022-07-06T23:10:39.793+00:00
Christopher Gray 41 Reputation points
accepted 2022-07-07T18:45:28.997+00:00
Christopher Gray 41 Reputation points
0 answers

VMware ESXi (Preview) connector for Sentinel not connected

I'm having problems getting the VMware ESXi (Preview) connector connected from Sentinel. From the VMware side it seems to be working because I can see the logs getting into the Syslog Linux (Ubuntu) agent. But from Sentinel the connector shows not…

Azure VMware Solution
An Azure service that runs native VMware workloads on Azure.
318 questions
Microsoft Sentinel
asked 2022-06-28T19:20:10.557+00:00
Kibalatu 1 Reputation point
commented 2022-07-06T22:34:45.943+00:00
JamesTran-MSFT 36,371 Reputation points Microsoft Employee
2 answers

Is there any way to insert custom data into the Incident table (SecurityIncident) of Microsoft Sentinel?

Can we ingest the data record directly into the Incident table in Microsoft Sentinel? Reference for Microsoft Sentinel Table:

Microsoft Sentinel
asked 2022-07-04T13:04:08.547+00:00
Rushit Ajudiya 146 Reputation points
commented 2022-07-06T16:32:47.123+00:00
JamesTran-MSFT 36,371 Reputation points Microsoft Employee
4 answers

Sentinel _LogOperation Alerts and Workbooks

Does anyone have a meaningful alert or workbook related to the Sentinel _LogOperation table? Looking at the table content, there is a lot of noise.

Microsoft Sentinel
asked 2022-07-05T16:18:49.693+00:00
Jan Stodola 26 Reputation points
answered 2022-07-06T13:38:08.407+00:00
Clive Watson 5,716 Reputation points MVP
2 answers

MS Sentinel is unable to show outbound traffic malicious incidents for AWS Data Connector

Hi community, We are unable to detect outbound malicious traffic coming from AWS. AWSVPCFLOW does not have the malicious IP details. We are using AWS S3 Connector that is available in Sentinel for AWS connectivity. We are sending detailed flow logs…

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,198 questions
Microsoft Sentinel
asked 2022-06-30T08:27:07.96+00:00
Muhammad Sajid Khan 1 Reputation point
commented 2022-07-05T23:37:52.21+00:00
JamesTran-MSFT 36,371 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Sentinel connectors using functions

Hi all, within functions that are used as connectors for Sentinel, I see lines of code like 'write-host "Successfully did such and such"... where can I see this output from the code? I'm expecting something similar to the output from a…

Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,283 questions
Microsoft Sentinel
asked 2022-07-01T04:57:16.017+00:00
Simon Burbery 546 Reputation points
commented 2022-07-05T07:55:52.823+00:00
Simon Burbery 546 Reputation points
1 answer

How to generate incidents for each record entry in a Custom Log Table of a Log Analytics Workspace?

We are trying to create an Incident for every single row of data that is being ingested in a custom log table using an Analytic rule, but it generates just a single incident for all the entries in the custom log table. Is there a way to have an Incident…

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,804 questions
Microsoft Sentinel
asked 2022-07-04T12:55:28.963+00:00
Rushit Ajudiya 146 Reputation points
answered 2022-07-04T22:56:57.87+00:00
Clive Watson 5,716 Reputation points MVP
0 answers

Clear GitHub Authorization from Sentinel

I'm building out a Sentinel Service and as part of this, I am leveraging GitHub for my content control. What I'm trying to do is walk through the "Add Repository" process from scratch; however, once I've added the credentials, they're cached. How…

Microsoft Sentinel
asked 2022-06-28T14:06:09.867+00:00
Kentucky Mike 21 Reputation points
commented 2022-07-04T21:05:51.793+00:00
Carlos Solís Salazar 16,611 Reputation points
1 answer One of the answers was accepted by the question author.

KQL - suggest logic for NetIQ use cases

Hello, Can someone suggest a KQL logic for the following use cases: • Brute force attack against user credentials • Potential Password Spray Attack • User login from different countries within 3 hours • Sign-ins from IPs that attempt…

Azure Data Explorer
An Azure data analytics service for real-time analysis on large volumes of data streaming from sources including applications, websites, and internet of things devices.
480 questions
Microsoft Sentinel
asked 2022-06-29T12:06:16.457+00:00
Georgi Palazov 286 Reputation points
accepted 2022-07-04T13:34:39.327+00:00
Georgi Palazov 286 Reputation points
0 answers

My asked question disappeared from my profile

My asked question disappeared from my profile and I can't ask a question or answer one, and I need to increase my points in my profile, and my friends follow me and answer my questions.

Microsoft Sentinel
asked 2022-07-04T12:15:51.79+00:00
Lamia Elshahat Eldesoky 66 Reputation points
0 answers

How to improve PowerShell logging in Sentinel

Any thoughts on how to improve PowerShell logging in Sentinel, besides enabling advanced PowerShell auditing and using Defender for Endpoint? I just read this (old) article on blue team practices with PowerShell and I wonder how much of this is now…

Windows Server PowerShell
Microsoft Sentinel
asked 2022-06-24T14:17:55.683+00:00
David Broggy 5,681 Reputation points MVP
commented 2022-07-02T14:11:51.217+00:00
Carlos Solís Salazar 16,611 Reputation points
3 answers One of the answers was accepted by the question author.

Unable to choose log analytics workspace for policies/sentinel connector

I have a problem regarding Azure Policies / Sentinel. I am unable to link any Log Analytics workspace to policies for enabling, for example, diagnostic logs or the Sentinel connector for resources. The error I got: The resource type 'workspaces' could not…

Azure Monitor
Microsoft Sentinel
asked 2022-06-28T08:30:24.683+00:00
Matias Tontti 96 Reputation points
commented 2022-06-30T17:16:19.46+00:00
8iyyd 1 Reputation point
1 answer

Azure Sentinel free ingestion data: is ingestion also free in Log Analytics?

Hello, simple but yet tricky question: some data are free to ingest in Sentinel, such as Office Activity or Alerts. Does "free" mean "really free" or does it mean "free in Sentinel but billable in Log Analytics"? …

Microsoft Sentinel
asked 2021-01-26T11:13:37.04+00:00
Philippe AUGRAS 1 Reputation point
commented 2022-06-29T08:48:52.16+00:00
Stanislav Zhelyazkov 21,256 Reputation points MVP
2 answers

Log Analytics - Windows security logs

Hello, I have configured an Azure Log Analytics workspace and two Windows 10 machines have the Monitoring Agent installed. The agent is successfully deployed but I can't see any Windows security event logs such as EventID 4624 and 4625. Not sure if there is…

Azure Monitor
Microsoft Sentinel
asked 2021-01-18T20:17:30.79+00:00
Ashco Systems 1 Reputation point
answered 2022-06-28T21:25:56.35+00:00
Andrew Blumhardt 9,496 Reputation points Microsoft Employee
3 answers One of the answers was accepted by the question author.

KQL - extract values from SyslogMessage - How to?

Hello, I want to extract some information from a SyslogMessage in KQL. Let's assume I have the following Syslog Message: "002E0102","A":"002E","O":"NetIQ Access Manager\nidp" I managed to…

Azure Monitor
Microsoft Sentinel
asked 2022-06-24T12:49:02.98+00:00
Georgi Palazov 286 Reputation points
accepted 2022-06-28T11:06:43.477+00:00
Georgi Palazov 286 Reputation points
2 answers

Arc Private Link Scope and AMPLS

Has anyone had any luck getting logs sent over AMPLS to Sentinel with the Security Events via AMA connector? I have tested and validated DNS entries on my Arc servers, but despite the DCR being up and AMPLS being fully configured I am still not…

Azure Monitor
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
322 questions
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
463 questions
Microsoft Sentinel
asked 2022-06-21T13:56:01.153+00:00
Patrick M. Williams 1 Reputation point
commented 2022-06-28T07:47:31.61+00:00
AnuragSingh-MSFT 20,016 Reputation points
0 answers

App Center -> Application Insights export getting auto-disabled

For a mobile app that has App Center analytics integrated, export was enabled to Azure Application Insights. Often this setting gets disabled automatically, resulting in data loss in Application Insights. How to determine the root cause?

Microsoft Sentinel
asked 2022-06-27T06:55:15.45+00:00
Dipannita Das 6 Reputation points
commented 2022-06-28T05:22:29.303+00:00
Leon Lu (Shanghai Wicresoft Co,.Ltd.) 68,656 Reputation points Microsoft Vendor
1 answer One of the answers was accepted by the question author.

KQL - what does @ stand for in regex extraction

Hello, I want to extract some data from a SyslogMessage and I'm doing fine with the following: Syslog | where SyslogMessage contains '<EPOevent>' or ProcessName contains 'EPOEvents' | extend EPO_Thread_ID =…

Azure Monitor
Microsoft Sentinel
asked 2022-06-27T12:49:31.223+00:00
Georgi Palazov 286 Reputation points
accepted 2022-06-27T15:12:18.383+00:00
Georgi Palazov 286 Reputation points