974 questions with Microsoft Sentinel tags

Sort by: Updated
2 answers

How to get all the data from column in conditional statement using KQL in Workbook

I am using the KQL query name_of_log_table | where abc has "103.90.06.102" | where pqr == "def" | project ip to get a specific IP address from the log table column abc, but now I want to get all the data from that…

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,794 questions
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
974 questions
asked 2022-05-20T06:34:20.827+00:00
Preet Parikh 1 Reputation point
answered 2022-05-20T12:30:57.597+00:00
Clive Watson 5,711 Reputation points MVP
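An added KQL example, not taken from the question or its answers, showing how to keep every column of the matching rows instead of projecting a single one. The table name name_of_log_table and the columns abc and pqr are the placeholders used in the question; the regular expression and the project-reorder step are this example's own additions.

```kql
// Added example, not from the original thread. name_of_log_table, abc and pqr
// are the placeholder names from the question; no real schema is assumed
// beyond TimeGenerated, which every Log Analytics table carries.
name_of_log_table
| where pqr == "def"
// 'has' is a term-based, case-insensitive filter: it is a cheap pre-filter,
// not an exact IP comparison, so the exact match is done below.
| where abc has "103.90.06.102"
// Pull the first dotted-quad out of the free-text column (capture group 0 is
// the whole match). In a Workbook, replace the literal with a parameter
// such as "{ip}" so the tile can be driven from a parameter control.
| extend ip = extract(@"\b(?:\d{1,3}\.){3}\d{1,3}\b", 0, abc)
| where ip == "103.90.06.102"
// No 'project': all original columns stay in the result. project-reorder
// only moves the named columns to the front and keeps the rest.
| project-reorder TimeGenerated, ip
```

Dropping the trailing project is what returns the whole row; if only a few columns are unwanted, project-away with their names is the complement of project. The extract plus equality check avoids the false positives that has or contains would give on longer addresses that share a prefix.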
0 answers

Logs not visible in Azure function app monitor

We have a timer-trigger function app with a 15-minute cron schedule expression. At each trigger we ingest some amount of data into Sentinel from a total of 27,500,000 records. While ingesting this data we are unable to see some of the logs in Azure…

Azure Monitor
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,237 questions
Microsoft Sentinel
asked 2022-05-18T09:21:39.323+00:00
Rushit Ajudiya 146 Reputation points
commented 2022-05-19T10:22:42.807+00:00
SnehaAgrawal-MSFT 18,286 Reputation points
0 answers

MSTICPY config https://stackoverflow.com/questions/60160686/syntaxerror-in-jupypter-notebook-for-msticpy-queryproviderfile Error

Getting an error while setting up the MSTICPy Configuration. On running the code below I am getting an error ValueError: File not found: 'None'. from msticpy.config import MpConfigEdit import os mp_conf = "msticpyconfig.yaml" check if…

Microsoft Sentinel
asked 2022-05-10T10:01:28.47+00:00
Lopamudra Bhattacharjee 1 Reputation point
commented 2022-05-16T23:29:30.33+00:00
JamesTran-MSFT 36,361 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Drill down in azure sentinel workbook

In Splunk, we have the drill-down option in the dashboard, so is that possible in an Azure Sentinel workbook? Consider I have one chart (tile or pie chart); when I click on that I want to open another tab with specific KQL, visualization and dynamic…

Microsoft Sentinel
asked 2022-04-21T09:34:13.513+00:00
Rushit Ajudiya 146 Reputation points
accepted 2022-05-16T17:18:17.18+00:00
Rushit Ajudiya 146 Reputation points
2 answers

"MMC has detected an error in a snap-in" message

In Windows 10, whenever an application is started, it displays the error message "MMC has detected an error in a snap-in". The applications tried are Microsoft Management Console, Local Security Policy and rsop.msc.

Microsoft Sentinel
asked 2022-05-12T09:12:11.107+00:00
Kamlesh Mishra 6 Reputation points
answered 2022-05-12T11:38:23.07+00:00
Kamlesh Mishra 6 Reputation points
1 answer One of the answers was accepted by the question author.

Azure Monitor - Security Logs to Log Analytics

Hi, The solution requirement is to store Audit Logs (Security logs) from the Azure Monitor in Azure Log Analytics. After installing an agent for Azure Monitor and checking the collected logs, it is understood that Security logs are not…

Azure Monitor
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,192 questions
Microsoft Sentinel
asked 2022-03-25T10:46:01.547+00:00
Sumeetha Mogasati 126 Reputation points
accepted 2022-05-10T10:05:35.763+00:00
Sumeetha Mogasati 126 Reputation points
3 answers

Azure Sentinel + LightHouse minimize costs

Hello, currently I am using Lighthouse to integrate Tenant A with Tenant B. Tenant A has a Log Analytics workspace and a Microsoft Sentinel instance, and is being used as a central SIEM for all log sources. We have used Lighthouse to have access to the Tenant…

Azure Lighthouse
An Azure service that provides secure managed services and access control for partners and customers.
66 questions
Azure Cost Management
A Microsoft offering that enables tracking of cloud usage and expenditures for Azure and other cloud providers.
2,024 questions
Microsoft Sentinel
asked 2022-05-04T14:33:41.833+00:00
Marco Pereira 1 Reputation point
answered 2022-05-04T15:48:36.743+00:00
Andrew Blumhardt 9,491 Reputation points Microsoft Employee
1 answer

Archive Az Activity and Usage for 120 days

Need some suggestions I have been able to set the archive through the powershell code as mentioned in "https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Archive-Log-Tool/ArchiveLogsTool-PowerShell/Configure-Long-Term-Retention.ps1" . …

Microsoft Sentinel
asked 2022-04-25T04:49:17.717+00:00
Soumya Banerjee 126 Reputation points
answered 2022-05-04T00:06:05.003+00:00
Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
1 answer

Is it possible to upload a file through a workbook?

I have a workbook that depends on data that is uploaded to a blob container, the container is already updated by a logic app which works fine. But is there a way that a user could also upload a csv directly to a blob via a workbook?

Microsoft Sentinel
asked 2022-05-03T11:04:00.907+00:00
Andrew Ryan 1 Reputation point
answered 2022-05-03T19:26:07.48+00:00
Gary Bushey 176 Reputation points
2 answers

Send subscription activity logs to Sentinel?

Hello, I'd like to find out how to send activity logs for multiple subscriptions to Azure Sentinel. I found in the docs https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-activity that the data source can be enabled within a few…

Microsoft Sentinel
asked 2021-04-21T22:48:01.843+00:00
Felix Chan 1 Reputation point
answered 2022-05-02T21:57:11.543+00:00
Andrew Blumhardt 9,491 Reputation points Microsoft Employee
2 answers

Connecting Amazon S3 to Azure Sentinel

We have stored CloudWatch logs in Amazon S3 buckets using Kinesis Firehose. Now the requirement is to analyze those logs in S3 through Azure Sentinel. Followed this document, "Connect Microsoft Sentinel to Amazon Web Services to ingest AWS…

Microsoft Sentinel
asked 2022-04-18T10:35:44.08+00:00
Harsha Balla 1 Reputation point
commented 2022-05-02T20:56:25.683+00:00
JamesTran-MSFT 36,361 Reputation points Microsoft Employee
2 answers

BehaviorAnalytics stopped collecting FailedLogon events

Hi there. Starting from April 2022 we experience the situation when the query to the BehaviorAnalytics table doesn't select any records with the ActivityType containing 'FailedLogOn'. And there are no records like that if you select the records without…

Microsoft Sentinel
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,438 questions
asked 2022-05-02T14:38:39.777+00:00
Dmitriy Kolesnikov 1 Reputation point
answered 2022-05-02T15:46:44.003+00:00
Andrew Blumhardt 9,491 Reputation points Microsoft Employee
0 answers

Regarding OAuth type authentication in CCP connector in Sentinel

We are willing to create a CCP data connector for a data source in which OAuth-type authentication is required. Is there any way to do it? If yes, can you please share how to do it, or else share an alternative if possible.

Microsoft Sentinel
asked 2022-04-27T13:29:24.97+00:00
Jayesh Prajapati 1 Reputation point
commented 2022-04-27T16:26:27.943+00:00
Andrew Blumhardt 9,491 Reputation points Microsoft Employee
4 answers

Azure Sentinel - Azure Active Directory data connector does not display sign-in logs

Hi. In February 2022 I set up Microsoft Sentinel with Azure Active Directory and everything worked fine. All logs from the connector synced. In March it suddenly stopped working; now I only get AuditLogs. The only change I have made is the change…

Microsoft Sentinel
asked 2022-04-26T07:24:24.267+00:00
VegAas 1 Reputation point
answered 2022-04-27T13:59:08.977+00:00
Andrew Blumhardt 9,491 Reputation points Microsoft Employee
3 answers

Sentinel Log Ingestion Threshold

I want to build the functionality to alert me when my org's Sentinel log ingestion is at or near the daily threshold. We're capped at 200 GB/day, so ideally I'd like to receive one alert when we're at 180 GB, another alert when we're at 190 GB, and then…

Microsoft Sentinel
asked 2022-04-12T20:52:28.67+00:00
Prevost, Ella 1 Reputation point
answered 2022-04-26T17:21:55.837+00:00
Gary Bushey 176 Reputation points
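An added KQL example, not taken from the question or its answers, of the detection logic behind such an alert: it sums today's billable ingestion from the workspace's Usage table and reports which of the thresholds has been crossed. The 200 GB cap and the 180/190 GB warning levels are the figures from the question; the column names are those of the Usage table, and everything else (the stage labels, the rounding) is this example's own choice.

```kql
// Added example, not from the original thread. Usage is the built-in
// Log Analytics table of ingestion volume: Quantity is in MB per hourly
// bucket, IsBillable separates free data types from charged ones.
// The cap and thresholds below are the values given in the question.
let CapGB = 200.0;
let WarnHighGB = 190.0;
let WarnLowGB = 180.0;
Usage
| where TimeGenerated >= startofday(now())
| where IsBillable == true
| summarize IngestedGB = sum(Quantity) / 1024.0 by Day = startofday(TimeGenerated)
| extend PercentOfCap = round(100.0 * IngestedGB / CapGB, 1)
// case() takes the first matching branch, so list the highest level first
| extend Stage = case(
    IngestedGB >= CapGB,     "cap reached",
    IngestedGB >= WarnHighGB, "warning: over 190 GB",
    IngestedGB >= WarnLowGB,  "warning: over 180 GB",
    "ok")
| where Stage != "ok"
| project Day, IngestedGB = round(IngestedGB, 2), PercentOfCap, Stage
```

Run it from a scheduled analytics rule (or an Azure Monitor log alert) every hour with a one-day lookback; the rows only appear once a threshold is crossed, so the query itself is the trigger condition. Usage rows lag by up to an hour, which is why the thresholds sit below the cap rather than at it. To get one alert per stage rather than one every hour, group incidents on the Stage value, or add a second summarize that keeps only the highest Stage seen for the day.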
1 answer

Playbook for IP blocking using FortiGate Firewall

Hi all, could someone please help me with how to achieve automatic IP blocking using the Sentinel SOAR capability? In our environment, we are using a FortiGate firewall. Could you please give the list of requirements from the FortiGate firewall and…

Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,838 questions
Microsoft Sentinel
asked 2022-04-24T05:50:23.487+00:00
Jwala Singh 1 Reputation point
answered 2022-04-25T12:28:10.287+00:00
Andrew Blumhardt 9,491 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

How to forward multiple NSG (different subscription) logs to a Log Analytics workspace

Scenario: currently, the Log Analytics workspace and Azure Sentinel are in the same subscription. The requirement is that all NSG logs (different subscriptions and different locations) need to be forwarded into the existing Log Analytics workspace. Kindly suggest…

Azure Monitor
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
790 questions
Microsoft Defender for Cloud
Microsoft Sentinel
asked 2022-04-20T14:54:39.647+00:00
JILIN MR 26 Reputation points
accepted 2022-04-22T10:39:44.137+00:00
JILIN MR 26 Reputation points
1 answer

Application logs are not visible in Azure Sentinel

While testing the Azure Sentinel application we get proper logs when we run the Azure function app manually (Test/Run). But when Azure Sentinel triggers the function app at a specific interval, some logs are not visible after some time, triggered at…

Azure Monitor
Azure Functions
Microsoft Sentinel
asked 2022-04-13T09:28:35.273+00:00
Rushit Ajudiya 146 Reputation points
answered 2022-04-14T22:35:37.917+00:00
Mike Urnun 9,666 Reputation points Microsoft Employee
3 answers One of the answers was accepted by the question author.

Steps to Create a playbook to transfer log analytics data to a blob storage

Is there any playbook available for transferring Log Analytics data to Blob storage? If not, what are the prerequisites to set it up? I want to send data to Blob every 31st day. Can this playbook be triggered automatically?

Microsoft Sentinel
asked 2022-04-04T07:02:30.65+00:00
Soumya Banerjee 126 Reputation points
commented 2022-04-14T14:14:56.367+00:00
Soumya Banerjee 126 Reputation points
1 answer

Azure Information Protection Audit logs no longer supported on Sentinel/LAW

I recently tried to add the data connector in Sentinel for Azure Information Protection and I got notified that this is no longer possible. Link to info: …

Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
515 questions
Microsoft Sentinel
asked 2022-04-12T13:11:54.28+00:00
Tim Katsapas 1 Reputation point
commented 2022-04-13T07:41:27.897+00:00
Tim Katsapas 1 Reputation point