986 questions with Microsoft Sentinel tags

1 answer

Is it possible to upload a file through a workbook?

I have a workbook that depends on data that is uploaded to a blob container; the container is already updated by a logic app, which works fine. But is there a way that a user could also upload a CSV directly to a blob via a workbook?

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
986 questions
asked 2022-05-03T11:04:00.907+00:00
Andrew Ryan 1 Reputation point
answered 2022-05-03T19:26:07.48+00:00
Gary Bushey 176 Reputation points
2 answers

Send subscription activity logs to Sentinel?

Hello, I'd like to find out how to send activity logs for multiple subscriptions to Azure Sentinel. I found in the docs https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-activity that the data source can be enabled within a few…

Microsoft Sentinel
asked 2021-04-21T22:48:01.843+00:00
Felix Chan 1 Reputation point
answered 2022-05-02T21:57:11.543+00:00
Andrew Blumhardt 9,496 Reputation points Microsoft Employee
2 answers

Connecting Amazon S3 to Azure Sentinel

We have stored CloudWatch logs to Amazon S3 buckets using Kinesis Firehose. Now the requirement is to analyze those logs in S3 through Azure Sentinel. Followed this document "Connect Microsoft Sentinel to Amazon Web Services to ingest AWS…

Microsoft Sentinel
asked 2022-04-18T10:35:44.08+00:00
Harsha Balla 1 Reputation point
commented 2022-05-02T20:56:25.683+00:00
JamesTran-MSFT 36,376 Reputation points Microsoft Employee
2 answers

BehaviorAnalytics stopped collecting FailedLogon events

Hi there. Since April 2022 we have experienced a situation where the query to the BehaviorAnalytics table doesn't select any records with the ActivityType containing 'FailedLogOn'. And there are no records like that if you select the records without…

Microsoft Sentinel
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,569 questions
asked 2022-05-02T14:38:39.777+00:00
Dmitriy Kolesnikov 1 Reputation point
answered 2022-05-02T15:46:44.003+00:00
Andrew Blumhardt 9,496 Reputation points Microsoft Employee
0 answers

Regarding OAuth type authentication in CCP connector in Sentinel

We are willing to create a CCP data connector for a data source in which OAuth type authentication is required. Is there any way to do it? If yes, then can you please share how to do it, or else share any alternative to this if possible.

Microsoft Sentinel
asked 2022-04-27T13:29:24.97+00:00
Jayesh Prajapati 1 Reputation point
commented 2022-04-27T16:26:27.943+00:00
Andrew Blumhardt 9,496 Reputation points Microsoft Employee
4 answers

Azure Sentinel - Azure Active Directory Data connector does not display sign-in logs

Hi. In February 2022 I set up Microsoft Sentinel with Azure Active Directory and everything worked fine. All logs from the connector synced. In March it suddenly stopped working; now I only get AuditLogs. The only change I have made is the change…

Microsoft Sentinel
asked 2022-04-26T07:24:24.267+00:00
VegAas 1 Reputation point
answered 2022-04-27T13:59:08.977+00:00
Andrew Blumhardt 9,496 Reputation points Microsoft Employee
3 answers

Sentinel Log Ingestion Threshold

I want to build the functionality to alert me when my org's Sentinel log ingestion is at or near the daily threshold. We're capped at 200 GB/day, so ideally I'd like to receive one alert when we're at 180 GB, another alert when we're at 190 GB, and then…

Microsoft Sentinel
asked 2022-04-12T20:52:28.67+00:00
Prevost, Ella 1 Reputation point
answered 2022-04-26T17:21:55.837+00:00
Gary Bushey 176 Reputation points
1 answer

Playbook for IP blocking using FortiGate Firewall

Hi All. Could someone please help me with how to achieve automatic IP blocking by using the Sentinel SOAR capability? In our environment, we are using FortiGate Firewall. Could you please give the list of requirements from FortiGate Firewall and…

Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,854 questions
Microsoft Sentinel
asked 2022-04-24T05:50:23.487+00:00
Jwala Singh 1 Reputation point
answered 2022-04-25T12:28:10.287+00:00
Andrew Blumhardt 9,496 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

How to forward multiple NSG (different subscription) logs to a Log Analytics workspace

Scenario: Currently, the Log Analytics workspace and Azure Sentinel are in the same subscription. The requirement is that all NSG logs (different subscriptions and different locations) need to be forwarded into the existing Log Analytics workspace. Kindly suggest…

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,812 questions
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
799 questions
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,201 questions
Microsoft Sentinel
asked 2022-04-20T14:54:39.647+00:00
JILIN MR 26 Reputation points
accepted 2022-04-22T10:39:44.137+00:00
JILIN MR 26 Reputation points
1 answer

Application logs are not visible in Azure Sentinel

While testing the Azure Sentinel application we are getting proper logs when we run the Azure function app manually (Test/Run). But when Azure Sentinel triggers the function app at a specific interval, some logs are not visible after some time, triggered at…

Azure Monitor
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,300 questions
Microsoft Sentinel
asked 2022-04-13T09:28:35.273+00:00
Rushit Ajudiya 146 Reputation points
answered 2022-04-14T22:35:37.917+00:00
Mike Urnun 9,676 Reputation points Microsoft Employee
3 answers One of the answers was accepted by the question author.

Steps to Create a playbook to transfer log analytics data to a blob storage

Is there any playbook available for transferring Log Analytics data to Blob storage? If not, then what are the prerequisites to set it up? I want to send data to Blob every 31st day. Can this playbook be triggered automatically?

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
986 questions
asked 2022-04-04T07:02:30.65+00:00
Soumya Banerjee 126 Reputation points
commented 2022-04-14T14:14:56.367+00:00
Soumya Banerjee 126 Reputation points
1 answer

Azure Information Protection Audit logs no longer supported on Sentinel/LAW

I recently tried to add the data connector in Sentinel for Azure Information Protection and I got notified that this is no longer possible. Link to info: …

Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
518 questions
Microsoft Sentinel
asked 2022-04-12T13:11:54.28+00:00
Tim Katsapas 1 Reputation point
commented 2022-04-13T07:41:27.897+00:00
Tim Katsapas 1 Reputation point
2 answers

Subscription Reactivation problem

I am not able to reactivate my subscription while I paid all dues.

Azure Monitor
Azure SQL Database
Microsoft Sentinel
asked 2022-04-09T11:08:17.3+00:00
asmat ullah 6 Reputation points
commented 2022-04-12T13:04:07.56+00:00
GeethaThatipatri-MSFT 27,642 Reputation points Microsoft Employee
6 answers

Azure problem

I can't delete my Azure subscription. Why can't I delete it, and am I being billed for not using Azure at all?

Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
943 questions
Microsoft Sentinel
asked 2022-04-11T17:02:05.547+00:00
Дарья Рахман 1 Reputation point
answered 2022-04-11T20:11:15.29+00:00
Amey Naniwadekar 1 Reputation point
1 answer One of the answers was accepted by the question author.

Restoring the ability to expand information in Sentinel

Hello all. Before image: After image: Recently we have noticed, as our analysts reopen their Sentinel consoles, that they are no longer able to expand the sections in Alerts anymore. The ability to expand them has simply…

Microsoft Sentinel
asked 2022-04-03T12:23:23.77+00:00
Patrick MacLellan 31 Reputation points
commented 2022-04-11T12:12:42.247+00:00
Patrick MacLellan 31 Reputation points
1 answer One of the answers was accepted by the question author.

ASIM parsers and analytics rules

Hi Team, as far as I understand, ASIM parsers combine similar logs from different sources; e.g., "imAuthentication" combines Azure AD interactive and non-interactive sign-in logs, M365 Defender-based sign-in logs, etc. So when an incident…

Microsoft Sentinel
asked 2022-04-02T06:58:17.62+00:00
Anand R Menon 286 Reputation points
commented 2022-04-09T04:27:46.037+00:00
Anand R Menon 286 Reputation points
1 answer One of the answers was accepted by the question author.

MSSP Sentinel

I have a customer Az tenant and want to offer an MSSP service through Lighthouse in our MSSP tenant. The question is, how does the connection work between the customer tenant and our MSSP tenant? How is it accomplished? Do we need to publish any URL? Should…

Azure Lighthouse
An Azure service that provides secure managed services and access control for partners and customers.
66 questions
Microsoft Sentinel
asked 2022-04-04T12:13:06.817+00:00
Soumya Banerjee 126 Reputation points
commented 2022-04-08T12:19:23.73+00:00
Soumya Banerjee 126 Reputation points
0 answers

Best way to ingest data from rest API

Hi, what is the best way to ingest data into Sentinel from a REST API? There is no connector on the marketplace. I have already begun to pull this data into a Jupyter notebook using Python. I'll need to supply basic auth credentials when querying the…

Microsoft Sentinel
asked 2022-03-29T15:54:51.757+00:00
Harrison Crossley 1 Reputation point
commented 2022-04-07T16:30:58.24+00:00
JamesTran-MSFT 36,376 Reputation points Microsoft Employee
2 answers

How to query multiple Managed Device event logs?

Hi All, how do I get the security event logs from a managed device into Azure for querying? Can you please tell me the best way to query a managed device's Event Logs? What Azure resource should I use: Azure Monitor, Log Analytics, Azure Sentinel, or…

Azure Monitor
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,649 questions
Microsoft Sentinel
asked 2022-03-26T12:13:11.17+00:00
CourtneyEdwards-321 46 Reputation points
commented 2022-04-06T09:10:17.36+00:00
AnuragSingh-MSFT 20,106 Reputation points
1 answer

How to forward Office 365 Information Governance alerts to Sentinel?

Is there a way to forward these Information Governance alerts into Sentinel? These alerts were present in the old 365 Protection Portal and now in Microsoft 365 Defender portal. I checked Sentinel's OfficeActivity raw logs but couldn't find some events…

Microsoft Sentinel
asked 2022-03-16T07:17:26.517+00:00
Isuru Samaradiwakara 1 Reputation point
commented 2022-04-05T03:05:29.357+00:00
Isuru Samaradiwakara 1 Reputation point