Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,812 questions
3 answers
One of the answers was accepted by the question author.
KQL - extract values from SyslogMessage - How to?
Hello, I want to extract some information from a SyslogMessage in KQL. Let's assume i have the following Syslog Message: "002E0102","A":"002E","O":"NetIQ Access Manager\nidp" I managed to…
asked 2022-06-24T12:49:02.98+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 8%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Georgi Palazov
286
Reputation points
accepted 2022-06-28T11:06:43.477+00:00
Georgi Palazov
286
Reputation points
2 answers
Arc Private Link Scope and AMPLS
Has anyone had any luck getting logs sent over AMPLS to Sentinel with the Security Events via AMA connector? I have tested and validated DNS entries on my Arc servers, but I despite the DCR being up and AMPLS being fully configured I am still not…
asked 2022-06-21T13:56:01.153+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 21%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Patrick M. Williams
1
Reputation point
commented 2022-06-28T07:47:31.61+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
AnuragSingh-MSFT
20,106
Reputation points
0 answers
App center -> Application Insights export getting auto disabled
For mobile app has app centre analytics integrated and export was enabled to azure Application Insights. Often this setting getting disabled automatically result in data lost on application insights. How to determine the root cause?
asked 2022-06-27T06:55:15.45+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 13%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDD%3C/text%3E%3C/svg%3E)
Dipannita Das
6
Reputation points
commented 2022-06-28T05:22:29.303+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 6%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
Leon Lu (Shanghai Wicresoft Co,.Ltd.)
68,656
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
KQL - what does @ stand for in regex extraction
Hello, I want to extract some data from a SyslogMessage and i'm doing fine with the following Syslog | where SyslogMessage contains '<EPOevent>' or ProcessName contains 'EPOEvents' | extend EPO_Thread_ID =…
asked 2022-06-27T12:49:31.223+00:00
Georgi Palazov
286
Reputation points
accepted 2022-06-27T15:12:18.383+00:00
Georgi Palazov
286
Reputation points
1 answer
Country Specific Reports in Microsoft 365 Defender Portal (Security.microsoft.com)
Is it possible to generate reports highlighting security trends (Identity, Data, Devices and Apps) for a company that has presence in various countries using Microsoft 365 defender or a similar product. I will appreciate ideas..
asked 2022-06-22T12:54:36.99+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 21%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
Christopher Poluyi
21
Reputation points
answered 2022-06-23T07:36:04.35+00:00
Limitless Technology
39,371
Reputation points
0 answers
Microsoft learn eductor center
How to earn Reputation points
asked 2022-06-22T13:05:09.537+00:00
Mohamed Abdel-Dayem Mahmoud Sorour
31
Reputation points
commented 2022-06-22T13:05:41.557+00:00
Mohamed Abdel-Dayem Mahmoud Sorour
31
Reputation points
1 answer
What is the Diffrent Between Data Connecters and Contect Hub Microsoft Sentinel
Hello, i need to add Cisco Umbrella, but i can see there plug in Data Contender and Content Hub so i would like to know What is the Different
asked 2022-06-21T07:30:08.533+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 75%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
odweik
21
Reputation points
answered 2022-06-21T10:50:43.087+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 74%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGB%3C/text%3E%3C/svg%3E)
Gary Bushey
176
Reputation points
1 answer
Does sentinel have a sub playbook/ combine two playbook mechanisms or not?
We are creating an azure logic app and we need to call one playbook from another playbook. So can we call one playbook from another playbook and pass input parameters to the second playbook? Also is it allowed to return a response back to calling…
asked 2022-06-16T06:15:59.483+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 14.000000000000002%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
Jayesh Prajapati
1
Reputation point
answered 2022-06-16T21:01:02.93+00:00
Andrew Blumhardt
9,496
Reputation points Microsoft Employee
1 answer
How to use Polling in Azure sentinel Playbook
We have to implement a functionality in the azure logic app in which we need to wait till one API call gets completed and during that time we need to poll the status of that process periodically using another API call. Also we have a condition on which…
asked 2022-06-16T06:18:55.97+00:00
Jayesh Prajapati
1
Reputation point
answered 2022-06-16T18:56:51.687+00:00
Andrew Blumhardt
9,496
Reputation points Microsoft Employee
0 answers
OMS Agent (CEF) w/ Private Link
Is it possible to send CEF logs over Private Link to workspace my Sentinel uses? I currently have a log forwarder (OMS Agent) in Azure for my remote firewalls and one at my HQ (where my ExpressRoute is located). I want to send the logs at the HQ over…
asked 2022-06-15T15:06:17.027+00:00
Patrick M. Williams
1
Reputation point
commented 2022-06-16T13:40:45.99+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shashi Shailaj
7,581
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
why this cron expression is not working in my azure function app ?
I have created three timer trigger function apps with below cron expression for each function apps on 26th May 2022 and it was working perfectly. 1st cron expression --> 0 0 * * * * -------> run every hour like 1,2,3,4,... 2nd…
asked 2022-06-12T06:01:04.777+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 67%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Rushit Ajudiya
146
Reputation points
accepted 2022-06-16T10:26:04.697+00:00
Rushit Ajudiya
146
Reputation points
3 answers
One of the answers was accepted by the question author.
Have all the decals moved؟
I want to make sure the badges are transmitted
asked 2022-06-09T17:21:01.99+00:00
Nadia Mohamed AbdElwahabAli
41
Reputation points
answered 2022-06-15T03:52:02.53+00:00
بدرية سعيد ناصر المسكري
26
Reputation points
1 answer
microsoft loginproblem
I am using Microsoft authentication to authenticate my portal user, I integrate Microsoft authentication with my Django project and I successfully redirect my user to Microsoft login screen but when I enter user credentials it appears (…
asked 2022-06-13T13:18:06.527+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 63%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Ali Shavaiz
1
Reputation point
answered 2022-06-15T00:42:56.64+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 33%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEN%3C/text%3E%3C/svg%3E)
Engineer/Nora Gomaa _teacher at Al-Azhar Al-Sharif
1
Reputation point
0 answers
Getting error while trying to deploy Sentinel DATP connector
When i try and deploy the DATP connector using either ARM template or Powershell script, I receive the below error message { "code": "DeploymentFailed", "message": "At least one resource deployment…
asked 2022-06-13T12:12:43.39+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 69%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECB%3C/text%3E%3C/svg%3E)
Chris Brothwood
1
Reputation point
asked 2022-06-13T12:12:43.39+00:00
Chris Brothwood
1
Reputation point
1 answer
Is there a table to know what data type a Logic app dynamic content is for Sentinel?
I am working on connecting my Sentinel solution to SNOW. I'm running into an issue whenever I select a value that has an Array. Once the For each control kicks in, the Logic App fails after adding a Second Array. Example: Added Sentinel…
asked 2022-06-04T19:16:26.177+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 67%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Kentucky Mike
51
Reputation points
commented 2022-06-13T04:57:02.8+00:00
MayankBargali-MSFT
68,656
Reputation points
1 answer
Link to upload Microsoft Edge
Can you please send me the link to upload Microsoft edge ?
Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,145 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
986 questions
asked 2022-05-27T17:48:02.173+00:00
KHAZ IBTISSAM
111
Reputation points
answered 2022-06-09T12:18:14.837+00:00
Leila KHAMMASSI
571
Reputation points
0 answers
Two Microsoft Defender for Identity Alerts Missing Content
Hello, Two Defender for Identity alerts that we get regularly come in with almost no information. We believe there is something wrong with the sensor but don't have visibility on it. Account enumeration reconnaissance (on one endpoint) …
asked 2022-05-12T20:14:09.667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 7.000000000000001%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERC%3C/text%3E%3C/svg%3E)
Russel Christie
41
Reputation points
commented 2022-06-08T23:25:45.303+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT
34,121
Reputation points Microsoft Employee
1 answer
Integrate Syslog data connector in Sentinel
Hi Team, Could please help steps in details to integrate the syslog data connector in sentinel. Regards, Ravi Teja
asked 2022-06-06T05:57:21.96+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 26%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERT%3C/text%3E%3C/svg%3E)
Ravi Teja
1
Reputation point
answered 2022-06-06T10:36:53.493+00:00
Gary Bushey
176
Reputation points
0 answers
Tea!ms connection failure!
Hello! Depuis quelques jours je n'arrive pas à me connecter à mon compte teams :il s'affiche code d'erreur contacter votre orgainzation ....
Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
9,122 questions
Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,538 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
986 questions
asked 2022-05-23T17:51:00.94+00:00
Leila KHAMMASSI
571
Reputation points
commented 2022-06-06T05:44:11.553+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Yuki Sun-MSFT
40,866
Reputation points
1 answer
Azure Solution for Streaming Logs - SIEM
Hello, I am planning to use Azure sentinel for my on-premises and cloud workloads/devices. Like any other SIEM solution, Sentinel requires you to have a log collector where all the devices(Syslog,CEF) can send the logs and than they are transported…
asked 2022-05-04T08:24:44.13+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 12%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENK%3C/text%3E%3C/svg%3E)
Nouman Khan
21
Reputation points
commented 2022-06-03T09:55:39.297+00:00
Nouman Khan
21
Reputation points