How does "Microsoft Sentinel" integrate with Alibaba Cloud
"" uses Microsoft Sentinel as its SIEM solution, and logs need to be available to it. This will probably require some type of custom integration. How does "Microsoft Sentinel" integrate with Alibaba Cloud?
Data Connector to enable bidirectional sync between Microsoft Sentinel and Jira Service Management
Hi Team, Are there plans to make available a data connector to enable bidirectional sync between Microsoft Sentinel and Jira Service Management? It would be great to have the following features available for this connector: Auto-creation of tickets…
Is there any way to filter out a specified security event ID from Sentinel?
We ingest security logs into Sentinel. Is there any way to filter out event ID 4662 from Sentinel?
Storage location of Microsoft Sentinel Incidents
Hi Team, We have a test Microsoft Sentinel environment where we have a data retention period of 30 days. When I check the 'SecurityIncident', 'SecurityAlert' etc. tables, as expected, there is no data present before the 30-day period. But on the…
Logs through AMA agents
I have set up AMA agents with DCRs, and we are receiving logs. For Windows, we receive logs through the "Windows Security Events via AMA" connector, and it shows the DCRs created. My question is, why is it sending Linux logs through Syslog…
Will a problem occur in getting our own Data Connector certified by Microsoft if it contains multiple timer trigger functions?
Will there be any problem in getting our own DataConnector certified by Microsoft and made publicly available on the Azure platform if we use three timer trigger functions inside the DataConnector? If yes, then what is the preferred solution to overcome that issue? …
Having trouble with the creation of an Azure Sentinel Stealthwatch Log Analytics query
I'm working on a project to create a Stealthwatch (Cisco) Log Analytics query from a canned workbook query available from the Azure Sentinel portal (Data Connectors > Cisco Stealthwatch). I've added the function to my LA query section and it will run…
Sentinel security event collection and dual homing
Hi, I am trying to figure out how (where) to set collection for Windows Security events for Microsoft Sentinel. The environment consists of 2 workspaces, one for performance data, and one for Sentinel. They are in different subscriptions. The goal is…
Azure Sentinel - Query help
Dear All, I need to write a query to hunt for OS Credential Dumping: NTDS (T1003.003). Kindly help if you have any information.
Newbie Question - Sentinel Deployment: Cost & Effort Required
I'm considering deploying Sentinel for our Azure & Non-Azure environment. We're a small, nonprofit Windows shop. Where is the best place to get an idea of the cost and effort involved?
Atypical Travel / Unfamiliar sign-in properties
Hi, I get a few atypical travel / unfamiliar sign-in properties incidents from time to time, where privileged users sign in from the same IP (52.98.175.181, Amsterdam, Noord-Holland) owned by Microsoft. I dismiss these as false positives, but I'm…
Can we update existing records of custom log table in log analytics workspace?
Hello, We configured Azure Sentinel and ingested data into a custom log table in log analytics workspace. Now we want to update existing records in the log table. We have tried to use the replace_string() function of KQL to update some data in record…
Microsoft Sentinel get playbooks by trigger kind
Hi, I'm trying to pull all my playbooks using the workflows API - https://learn.microsoft.com/en-us/rest/api/logic/workflows/list-by-resource-group How can I know which workflow is using the trigger kind "Microsoft Sentinel Alert" and…
External Data / Watchlist enrichment help
I've tried a lot of different solutions and can't quite seem to get it. I want to enrich an alert I have created where we get notified that a user has logged in outside of my organisation's country of operations. The AAD logs provide that location,…
Continuous Threat Monitoring for GitHub from Content Hub for Microsoft Sentinel not working in Africa
Hi guys, I get errors when I deploy this official connector. Any advice? Or where do I ask the people to fix it?
Defender for IoT - Migration Strategy (OT Solution)
Hi all, I have been requested to migrate the OT solution (Defender for IoT stack) to an alternative subscription. I have noted that you cannot move the Workspace to an alternative subscription. (Resource) Is there an existing strategy for moving the stack,…
Microsoft Defender for Endpoint Alerts in Microsoft Sentinel
Hi, Currently I have enabled Microsoft Defender for Endpoint Alerts to flow to Sentinel by enabling it in the corresponding Sentinel Connector. Is it possible to configure such that Defender incidents appear in Sentinel with all the correlated alerts…
Sending syslog from a Windows syslog server running Kiwi
We currently have a Windows syslog server running Kiwi Syslog. Rather than creating a new VM, I would like to use this server to forward the logs to Azure Sentinel. Is this possible? It looks like the agent Azure provides only runs on Linux machines. …
Log via syslog server agent to Azure Sentinel (list of IPs?) & dual agent to two Log Analytics workspaces
Hi, I am currently looking at setting up something like this: Security devices > syslog server > Microsoft Sentinel In order to tie down/restrict somewhat the access this syslog server has, is there a list of known IPs for Microsoft Sentinel?…
Sentinel log analytics backup issue
I followed the official guide (https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/move-your-microsoft-sentinel-logs-to-long-term-storage-with-ease/ba-p/1407153) to move the Microsoft Sentinel logs to blob storage. But the volume of data per…