Give Sentinel permissions to run playbooks Failure
Hello, I'm unable to assign a playbook to an automation rule that I've created in Azure Sentinel, due to lack of permissions. The error message is the following: Successfully added permissions to 0 of 1 resource groups. Failure reason: The client…
How to have logs sent from multiple different non-connected Azure and AWS tenants to one instance of Azure Sentinel
I have 1 main tenant with our Azure Arc and Azure Sentinel instance. I need to get all the machines on several non-connected Azure and AWS tenants to send their logging to our Azure Sentinel. No VPNs are allowed between the tenants. Azure Arc will work…
Kusto Query searching for when an Entra ID user account has been enabled and after that, the password has been reset on that account
I am trying to write a Kusto query to search for when a user account has been enabled and after that, the password has been reset on that account. I have got this far, but still not sure if this is right, I would love someone to help me please! let…
Your message wasn't delivered because the recipient's email provider rejected it.
Hi, I'm trying to report a scam email to the fraud police but keep getting the error when forwarding it. I tried through the Outlook Android app and on outlook.com on the Firefox browser. Sorry for the incorrect tag. I couldn't find Outlook email :(
Azure Sentinel does not find Log Analytics Workspace
I'm trying to create a new Sentinel environment. I have a Partner subscription to Azure and I've created another one. I've created in both subscriptions a workspace and an instance of Log Analytics. No one seems to be connected to Sentinel
Customer is migrating Azure from CSP to MCA and they wanted to understand what configurations need to do to the subscription to ensure smooth transition
Customer is migrating Azure from CSP to MCA and they wanted to understand what configurations need to do to the subscription to ensure smooth transition. Also, want to check if there is any impact on tenant, subscription and Log analytical workspace…
How to provide checkbox selection in parameters section of ARM Template for a parameter
I have a use case where I need to provide checkbox selection to the user for filling parameter values in an Azure Resource Manager Template of a Data Connector/Playbook (Azure Logic Apps). I have tried to provide type=array while providing allowedValues but it is…
HAVING MY SYSLOG SERVER IN AZURE CLOUD FOR ONPREM MERAKI
This article https://learn.microsoft.com/en-us/azure/sentinel/connect-syslog describes the collection of syslog from Linux-based devices like my Meraki devices. However, the current architecture requires the use of a VM on-prem which will allow the log…
Microsoft Sentinel | Data connector won't disconnect
Hi, I've currently got these data connectors: I want to disconnect the following: When I open the connector page on Defender for Endpoint etc, everything is disabled, see below: The same with Defender XDR: The same with Threat…
Export and Import Saved Queries and Functions from one Sentinel Workspace to Another
What are the ways to export and import Saved Queries and Functions from one Sentinel workspace to another? The only reference I have is this one:…
How to connect JumpCloud data connector in Sentinel using Azure Functions
I'm trying to connect the JumpCloud data connector, but no such data connector is available in the connectors, and I learned that I have to use Azure Functions to fetch the JumpCloud data to Sentinel. Can someone good at it help me with any articles or…
Microsoft Graph Security connector Error
Hello, I configure Logic Apps that can create tiindicator. So, I used the Microsoft Graph Security connector and I made an App (has ThreatIndicators.ReadWrite.OwnedBy) { "error": { "code": "UnknownError", …
E3 vs E5 from a security perspective: Unified XDR/SIEM
Hi, A customer with E5 wants to downgrade to E3. Currently, he has XDR services (All Defenders) and Sentinel. Will he lose any services during the downgrade process?
Sentinel Analytic Rule Query Cannot Resolve Table
Hi- This was a working analytic rule for a couple of days now, but today when I tried to edit the rule, I encountered the "Failed to resolve table expression name" error. The table exists and workspace has no problem resolving it, but analytic rule…
Atlassian Confluence Audit Connector Not Sending Log Data To Microsoft Sentinel
Hi- I deployed the Atlassian Confluence Audit Connector for Microsoft Sentinel via Azure Functions following this article (https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/atlassian-confluence-audit-using-azure-functions). However, in…
How to configure Microsoft Copilot logs to be ingested automatically into Azure Sentinel?
Hi Fams, Could I get some assistance with configuring Copilot logs into Azure Sentinel. Thanks,
How to terminate a for each loop in Azure logic app of Microsoft Sentinel
We have created a logic app. We are iterating over each element of an array using for each loop and performing some actions inside it. Here, we have a case where we have to break the loop in between but we are not able to use Terminate inside loop as…
MDTI-Automated-Triage problems
Hello, I set up MDTI-Automated-Triage playbook via Microsoft Defender Threat Intelligence. But it does not work well. I attached error message at the bottom. <Status> 1. I add "Microsoft…
Send mail following the creation of an incident
In Sentinel, I created an alert about the data of a create table in my workspace. So I subsequently create an incident but I can not send an email following this alert. I would like to know where and how to set the email if I can do it from Sentinel or…
Threat Intelligence Platforms deprecated
Regarding “Threat Intelligence Platforms - BEING DEPRECATED (Preview)”: What does Microsoft mean when they say “BEING DEPRECATED”? When is the target date for this Data Connector to be retired?