959 questions with Microsoft Sentinel tags

1 answer

Give Sentinel permissions to run playbooks Failure

Hello, I'm unable to assign a playbook to an automation rule that I've created in Azure Sentinel, due to lack of permissions. The error message is the following: Successfully added permissions to 0 of 1 resource groups. Failure reason: The client…

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
959 questions
asked 2024-02-12T19:14:58.5+00:00
DA512 20 Reputation points
edited a comment 2024-02-14T18:07:02.2566667+00:00
DA512 20 Reputation points
0 answers

How to have logs sent from multiple different non-connected Azure and AWS tenants to one instance of Azure Sentinel

I have 1 main tenant with our Azure Arc and Azure Sentinel instance. I need to get all the machines on several non-connected Azure and AWS tenants to send their logging to our Azure Sentinel. No VPNs are allowed between the tenants. Azure Arc will work…

Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
302 questions
Microsoft Sentinel
asked 2024-02-13T20:18:00.4+00:00
Darren Phillips 1 Reputation point
commented 2024-02-14T14:59:30.1933333+00:00
Timmy Malmgren 736 Reputation points
1 answer One of the answers was accepted by the question author.

Kusto Query searching for when an Entra ID user account has been enabled and after that, the password has been reset on that account

I am trying to write a Kusto query to search for when a user account has been enabled and after that, the password has been reset on that account. I have got this far, but still not sure if this is right, I would love someone to help me please! let…

Microsoft Sentinel
asked 2024-02-13T10:15:43.98+00:00
Mark Summers 20 Reputation points
accepted 2024-02-14T08:42:59.0266667+00:00
Mark Summers 20 Reputation points
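The correlation the question above asks for, written out as an added example; it is not the poster's query (which is truncated in the listing) and not from any answer. It assumes Entra ID audit events land in the standard AuditLogs table, that an enable shows up either as OperationName "Enable account" or as "Update user" with the AccountEnabled property changing to true, and that an admin-initiated reset is "Reset user password". Verify those operation names against your own tenant (`AuditLogs | distinct OperationName`) before relying on the query; the 7-day lookback and 24-hour window are arbitrary choices.

```kusto
// Added example, not the poster's query. Assumes Entra ID audit events are in AuditLogs and that
// the OperationName values below match what the tenant emits (verify with: AuditLogs | distinct OperationName).
let lookback = 7d;       // how far back to search
let window   = 24h;      // max gap between enable and reset to count as one sequence
// Leg 1: explicit "Enable account" operations
let enabled_explicit =
    AuditLogs
    | where TimeGenerated > ago(lookback)
    | where Result == "success" and OperationName == "Enable account"
    | project EnabledTime = TimeGenerated,
              TargetUPN  = tostring(TargetResources[0].userPrincipalName),
              EnabledBy  = tostring(InitiatedBy.user.userPrincipalName);
// Leg 2: "Update user" operations whose AccountEnabled property changed to true
let enabled_via_update =
    AuditLogs
    | where TimeGenerated > ago(lookback)
    | where Result == "success" and OperationName == "Update user"
    | mv-expand Prop = TargetResources[0].modifiedProperties
    | where tostring(Prop.displayName) == "AccountEnabled"
        and tostring(Prop.newValue) has "true"
    | project EnabledTime = TimeGenerated,
              TargetUPN  = tostring(TargetResources[0].userPrincipalName),
              EnabledBy  = tostring(InitiatedBy.user.userPrincipalName);
let enabled = union enabled_explicit, enabled_via_update;
// Admin-initiated password resets on any user
let reset =
    AuditLogs
    | where TimeGenerated > ago(lookback)
    | where Result == "success" and OperationName == "Reset user password"
    | project ResetTime = TimeGenerated,
              TargetUPN = tostring(TargetResources[0].userPrincipalName),
              ResetBy   = tostring(InitiatedBy.user.userPrincipalName);
// Same target account, reset strictly after the enable and within the window
enabled
| join kind=inner reset on TargetUPN
| where ResetTime > EnabledTime and ResetTime <= EnabledTime + window
| project EnabledTime, ResetTime, Gap = ResetTime - EnabledTime, TargetUPN, EnabledBy, ResetBy
| order by EnabledTime desc
```

The two "enabled" legs are kept separate because the portal and Graph produce different audit shapes for the same action; joining on the target UPN rather than on CorrelationId is deliberate, since the enable and the reset are normally separate operations with different correlation IDs. If the same actor appears as both EnabledBy and ResetBy on a newly enabled account, that is the pattern worth an alert; add `| where EnabledBy == ResetBy` to narrow to that case.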
1 answer

Your message wasn't delivered because the recipient's email provider rejected it.

Hi, I'm trying to report a scam email to the fraud police but keep getting the error when forwarding it. I tried through the Outlook Android app and on outlook.com in the Firefox browser. Sorry for the incorrect tag. I couldn't find Outlook email :(

Microsoft Sentinel
asked 2022-10-27T12:20:53.8+00:00
unbuttered toast 1 Reputation point
answered 2024-02-11T00:50:50.2766667+00:00
Bill Clarkson-Antill 5 Reputation points MVP
1 answer One of the answers was accepted by the question author.

Azure Sentinel does not find Log Analytics Workspace

I'm trying to create a new Sentinel environment. I have a Partner subscription to Azure and I've created another one. I've created in both subscriptions a workspace and an instance of Log Analytics. None seems to be connected to Sentinel.

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,740 questions
Microsoft Sentinel
asked 2024-01-03T17:24:31.9533333+00:00
Michele Broggi 20 Reputation points
edited the question 2024-02-08T15:10:55.88+00:00
tbgangav-MSFT 10,371 Reputation points
2 answers

Customer is migrating Azure from CSP to MCA and they wanted to understand what configuration needs to be done to the subscription to ensure a smooth transition

Customer is migrating Azure from CSP to MCA and they wanted to understand what configuration needs to be done to the subscription to ensure a smooth transition. Also, want to check if there is any impact on the tenant, subscription and Log Analytics workspace…

Microsoft Sentinel
asked 2023-05-26T07:23:04.3633333+00:00
Parshuram Tularam Kushwah 0 Reputation points
commented 2024-02-07T18:32:25.7066667+00:00
J-Dawg FGO 0 Reputation points Microsoft Employee
1 answer

How to provide checkbox selection in parameters section of ARM Template for a parameter

I have a use case where I need to provide checkbox selection to the user for filling parameter values in an Azure Resource Manager Template of a Data Connector/Playbook (Azure Logic Apps). I have tried to provide type=array while providing allowedValues but it is…

Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,770 questions
Microsoft Sentinel
asked 2024-02-02T17:09:45.16+00:00
Nirali Shah 146 Reputation points
commented 2024-02-06T23:30:09.46+00:00
Mike Urnun 9,481 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Having my syslog server in Azure cloud for on-prem Meraki

This article https://learn.microsoft.com/en-us/azure/sentinel/connect-syslog describes the collection of syslog from Linux-based devices like my Meraki devices. However, the current architecture requires the use of a VM on-prem which will allow the log…

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
6,980 questions
Microsoft Sentinel
asked 2024-01-31T20:50:53.22+00:00
AO 20 Reputation points
accepted 2024-02-06T22:16:23.19+00:00
AO 20 Reputation points
1 answer

Microsoft Sentinel | Data connector won't disconnect

Hi, I've currently got these data connectors: I want to disconnect the following: When i open the connector page on Defender for Endpoint etc, everything is disabled, see below: The same with Defender XDR: The same with Threat…

Microsoft Sentinel
asked 2024-01-30T08:05:09.4866667+00:00
Andreas Bjelven 110 Reputation points
commented 2024-02-05T14:49:13.4366667+00:00
Andreas Bjelven 110 Reputation points
1 answer One of the answers was accepted by the question author.

Export and Import Saved Queries and Functions from one Sentinel Workspace to Another

What are the ways to export and import Saved Queries and Functions from one sentinel workspace to another? The only reference I have is this one:…

Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,112 questions
Microsoft Sentinel
asked 2024-02-02T11:59:22.0733333+00:00
Tshabalala, Sifiso S 20 Reputation points
accepted 2024-02-05T12:07:37.79+00:00
Tshabalala, Sifiso S 20 Reputation points
1 answer

How to connect the JumpCloud data connector in Sentinel using Azure Functions

I'm trying to connect the JumpCloud data connector, but no such data connector is available in the connectors, and I learned that I have to use Azure Functions to fetch the JumpCloud data into Sentinel. Can someone good at it help me with any articles or…

Azure Functions
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,286 questions
Microsoft Sentinel
asked 2024-01-19T12:38:38.81+00:00
Harish Menti 0 Reputation points
commented 2024-02-01T21:43:41.83+00:00
JamesTran-MSFT 36,336 Reputation points Microsoft Employee
1 answer

Microsoft Graph Security connector error

Hello, I configured a Logic App that can create a tiIndicator. So, I used the Microsoft Graph Security connector and I made an app (which has ThreatIndicators.ReadWrite.OwnedBy) { "error": { "code": "UnknownError", …

Azure Logic Apps
Microsoft Sentinel
asked 2024-01-19T06:31:21.6933333+00:00
mara7 161 Reputation points
commented 2024-02-01T21:25:53.38+00:00
JamesTran-MSFT 36,336 Reputation points Microsoft Employee
1 answer

E3 vs E5 from a security perspective: Unified XDR/SIEM

Hi, A customer with E5 wants to downgrade to E3. Currently, he has XDR services (All Defenders) and Sentinel. Will he lose any services during the downgrade process?

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,158 questions
Microsoft Sentinel
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
142 questions
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
100 questions
asked 2024-01-30T19:46:09.0366667+00:00
Riadh Zehani 125 Reputation points
commented 2024-02-01T06:54:24.3433333+00:00
Akshay-MSFT 15,856 Reputation points Microsoft Employee
1 answer

Sentinel Analytic Rule Query Cannot Resolve Table

Hi, this was a working analytic rule for a couple of days now, but today when I tried to edit the rule, I encountered the "Failed to resolve table expression name" error. The table exists and the workspace has no problem resolving it, but the analytic rule…

Microsoft Sentinel
asked 2024-01-30T01:50:27.63+00:00
Yang, Steven 151 Reputation points
commented 2024-01-30T21:19:56.8666667+00:00
Yang, Steven 151 Reputation points
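A guard pattern for table references in a scheduled rule, added here as an example; it is not from the thread above and does not claim to be the cause of that particular error, which the listing does not show. The analytics rule wizard validates the query against the workspace schema when the rule is saved, so a table or column that the schema cannot resolve at that moment blocks the rule even though ad-hoc queries against the workspace may be fine later. Sentinel's own rule templates handle this by wrapping table references in `union isfuzzy=true` and reading optional columns through `column_ifexists()`; a leg whose table is missing is skipped with a warning instead of failing the query, as long as at least one leg resolves (if every leg is missing the query still errors, so keep one leg on a table you know the workspace has). MyVendorAlerts_CL, UserName_s and Severity_s are placeholder names.

```kusto
// Added example, not the poster's rule. MyVendorAlerts_CL, UserName_s and Severity_s are placeholders.
// isfuzzy=true drops a leg whose table cannot be resolved instead of failing the whole query (provided
// at least one leg resolves); column_ifexists() does the same for columns that may be absent.
union isfuzzy=true
    (MyVendorAlerts_CL
     | extend Account  = tostring(column_ifexists("UserName_s", "")),
              Severity = tostring(column_ifexists("Severity_s", "unknown")),
              Source   = "vendor"),
    (SigninLogs
     | where ResultType != "0"          // failed sign-ins only
     | extend Account  = UserPrincipalName,
              Severity = "low",
              Source   = "entra-signin-failure")
| where TimeGenerated > ago(1h)
| where isnotempty(Account)
| summarize Events = count(), Sources = make_set(Source), Severities = make_set(Severity) by Account
| where Events >= 10
```

The union normalises both sources onto the same three columns before the summarize, so the rest of the rule never references a vendor-specific column directly; that is what keeps the query compiling in a workspace where the custom table has not been created yet, or where it exists but the column set has changed.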
1 answer

Atlassian Confluence Audit Connector Not Sending Log Data To Microsoft Sentinel

Hi, I deployed the Atlassian Confluence Audit Connector for Microsoft Sentinel via Azure Functions following this article (https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/atlassian-confluence-audit-using-azure-functions). However, in…

Azure Functions
Microsoft Sentinel
asked 2024-01-19T22:05:05.6366667+00:00
Wong, Vincent 0 Reputation points
commented 2024-01-30T20:20:14.1633333+00:00
JamesTran-MSFT 36,336 Reputation points Microsoft Employee
1 answer

How to configure Microsoft Copilot logs to be ingested automatically into Azure Sentinel?

Hi Fams, could I get some assistance with configuring Copilot logs into Azure Sentinel? Thanks,

Microsoft Sentinel
Microsoft Copilot for Microsoft 365 Development
Microsoft Copilot for Microsoft 365: Microsoft 365 Copilot refers collectively to Copilot experiences within Microsoft 365 applications. Development: The process of researching, productizing, and refining new or existing technologies.
38 questions
Microsoft Copilot
Microsoft terminology for a universal copilot interface.
102 questions
asked 2024-01-18T22:27:13.99+00:00
Sanjeev Pokhrel 0 Reputation points
edited a comment 2024-01-30T05:57:10.96+00:00
Givary-MSFT 27,001 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

How to terminate a for each loop in an Azure Logic App of Microsoft Sentinel

We have created a logic app. We are iterating over each element of an array using for each loop and performing some actions inside it. Here, we have a case where we have to break the loop in between but we are not able to use Terminate inside loop as…

Azure Logic Apps
Microsoft Sentinel
asked 2024-01-11T16:10:26.94+00:00
Nirali Shah 146 Reputation points
accepted 2024-01-27T08:04:38.55+00:00
Nirali Shah 146 Reputation points
3 answers

MDTI-Automated-Triage problems

Hello, I set up the MDTI-Automated-Triage playbook via Microsoft Defender Threat Intelligence. But it does not work well. I attached the error message at the bottom. <Status> 1. I add "Microsoft…

Microsoft Sentinel
asked 2024-01-12T06:43:01.14+00:00
mara7 161 Reputation points
commented 2024-01-25T21:22:52.3066667+00:00
JamesTran-MSFT 36,336 Reputation points Microsoft Employee
1 answer

Send mail following the creation of an incident

In Sentinel, I created an alert about the data of a create table in my workspace. So I subsequently create an incident but I cannot send an email following this alert. I would like to know where and how to set the email, if I can do it from Sentinel or…

Microsoft Sentinel
asked 2024-01-25T16:49:39.75+00:00
Maxime CARMONA 40 Reputation points
answered 2024-01-25T20:50:59.3966667+00:00
Clive Watson 5,391 Reputation points MVP
1 answer

Threat Intelligence Platforms deprecated

Regarding “Threat Intelligence Platforms - BEING DEPRECATED (Preview)” What does Microsoft mean when they say “BEING DEPRECATED” When is the target date for this Data Connector to be retired?

Microsoft Sentinel
asked 2023-07-06T05:58:10.4733333+00:00
Microsoft OnlineConcierge 1 Reputation point
commented 2024-01-24T07:49:15.3233333+00:00
Rogier Dijkman 1 Reputation point MVP