Is it possible to upload a file through a workbook?
I have a workbook that depends on data that is uploaded to a blob container; the container is already updated by a logic app, which works fine. But is there a way that a user could also upload a CSV directly to a blob via a workbook?
Send subscription activity logs to Sentinel?
Hello, I'd like to find out how to send activity logs for multiple subscriptions to Azure Sentinel. I found in the docs https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-activity that the data source can be enabled within a few…
Connecting Amazon S3 to Azure Sentinel
We have stored CloudWatch Logs to Amazon S3 buckets using Kinesis Firehose. Now the requirement is to analyze those logs in S3 through Azure Sentinel. Followed this document "Connect Microsoft Sentinel to Amazon Web Services to ingest AWS…
BehaviorAnalytics stopped collecting FailedLogon events
Hi there. Starting from April 2022 we have experienced a situation where the query to the BehaviorAnalytics table doesn't select any records with the ActivityType containing 'FailedLogOn'. And there are no records like that if you select the records without…
Regarding OAuth type authentication in CCP connector in Sentinel
We are willing to create a CCP data connector for a data source in which OAuth type authentication is required. Is there any way to do it, and if yes, can you please share how to do it, or else share any alternative to this if possible?
Azure Sentinel - Azure Active Directory Data connector does not display sign-in logs
Hi. In February 2022 I set up Microsoft Sentinel with Azure Active Directory and everything worked fine. All logs from the connector synced. In March it suddenly stopped working; now I only get AuditLogs. The only changes I have made is the change…
Sentinel Log Ingestion Threshold
I want to build the functionality to alert me when my org's Sentinel log ingestion is at or near the daily threshold. We're capped at 200 GB/day, so ideally I'd like to receive one alert when we're at 180 GB, another alert when we're at 190 GB, and then…
Playbook for IP blocking using FortiGate Firewall
Hi All, could someone please help me with how to achieve automatic IP blocking by using the Sentinel SOAR capability. In our environment, we are using FortiGate Firewall. Could you please give the list of requirements from FortiGate Firewall and…
How to forward multiple NSG (different subscription) logs to Log Analytics workspace
Scenario: Currently, the Log Analytics workspace and Azure Sentinel are in the same subscription. The requirement is that all NSG logs (different subscriptions and different locations) need to be forwarded into the existing Log Analytics workspace. Kindly suggest…
Application logs are not visible in Azure Sentinel
While testing the Azure Sentinel application we are getting proper logs when we run the Azure function app manually (Test/Run). But when Azure Sentinel triggers the function app at a specific interval, some logs are not visible after some time triggered at…
Steps to Create a playbook to transfer log analytics data to a blob storage
Is there any playbook available for transferring Log Analytics data to Blob storage? If not, then what are the prerequisites to set it up? I want to send data to Blob every 31st day. Can this playbook be triggered automatically?
Azure Information Protection Audit logs no longer supported on Sentinel/LAW
I recently tried to add the data connector in Sentinel for Azure Information Protection and I got notified that this is no longer possible. Link to info: …
Subscription Reactivation problem
I am not able to reactivate my subscription even though I have paid all dues.
Azure problem
I can't delete my Azure subscription. Why can't I delete it, and am I being billed for not using Azure at all?
Restoring the ability to expand information in Sentinel
Hello all. [Before image] [After image] Recently we have noticed, as our analysts reopen their Sentinel consoles, that they are no longer able to expand the sections in Alerts anymore. The ability to expand them has simply…
ASIM parsers and analytics rules
Hi Team, as far as I understand, ASIM parsers combine similar logs from different sources, e.g., "imAuthentication" combines Azure AD interactive and non-interactive sign-in logs, M365 Defender-based sign-in logs, etc. So when an incident…
MSSP Sentinel
I have a customer Az tenant and want to offer MSSP service through Lighthouse in our MSSP tenant. The question is, how does the connection work between the customer tenant and our MSSP tenant? How is it accomplished? Do we need to publish any URL? Should…
Best way to ingest data from a REST API
Hi, what is the best way to ingest data into Sentinel from a REST API? There is no connector on the marketplace. I have already begun to pull this data into a Jupyter notebook using Python. I'll need to supply basic auth credentials when querying the…
How to query multiple Managed Device event logs?
Hi All, how do I get the security event logs from a managed device into Azure for querying? Can you please tell me the best way to query a managed device's event logs? What Azure resource should I use: Azure Monitor, Log Analytics, Azure Sentinel, or…
How to forward Office 365 Information Governance alerts to Sentinel?
Is there a way to forward these Information Governance alerts into Sentinel? These alerts were present in the old 365 Protection Portal and now in Microsoft 365 Defender portal. I checked Sentinel's OfficeActivity raw logs but couldn't find some events…