Looking for Azure real time roles and responsibilities
Hi Friends, I have completed my Azure Administration training and am looking for an Azure admin's basic roles and responsibilities. Kindly help me with what the roles and responsibilities of an Azure Admin are, and kindly help me with the best links.
Log query on NetworkCidrBlock match
Hi Community, My "ThreatIntelligenceIndicator" table stores rows of NetworkCidrBlock as indicators. I need to query "CommonSecurityLog" table against the indicator table on any DestinationIP that matches any value in…
Playbook as automated response for all Analytics rules | Azure Sentinel
I have created a playbook that will trigger certain alerts, and I want to set this as an automated response for all rules. I can manually set this playbook as an automated response for any Analytics rule, but how can I set it for all rules, including new…
Azure Sentinel DNS
Hi, I enabled the DNS connector in Sentinel and some DNS events are getting collected from the DNS servers, however DnsEvents SubType "LookupQuery" are not being sent to Sentinel. I saw the article here…
Azure Sentinel (IIS, SQL, Syslog server)
Hello, I am new to Azure Sentinel - so I need to implement this solution. So basically I need to collect logs from Active Directory, IIS and SQL Server, make a SYSLOG (Linux) server which will collect Windows Firewall logs, and then send them to Syslog…
Missing indicators from Graph Security API submission
Hi Community, Using the Graph Security API, I submitted 1.9 million unique network IP indicators to my Sentinel workspace with concurrent threads. I verified the count via responses from the API. However, Sentinel only shows the ingestion of…
Azure Sentinel estimated cost
I understand Azure Sentinel is charged by volume of data ingested, but I have no idea how much data the following Azure services will ingest into Sentinel: Windows Server virtual machines, Azure SQL Server, Fortigate Firewall, Azure AD …
Log filtering on Azure Sentinel
How to optimize the logs that are being ingested into Azure Sentinel? Either on-prem logs or cloud logs. Can we do any filtering before the log sits in the Log Analytics workspace? If so, how can we add the filtering?
Defender ATP - Query failed, how to investigate
Hello, This morning, we've had an issue with one of our custom rules in Microsoft Defender ATP. For a two hour period, the query returned several false positives, which points us to one of the threat intelligence functions (FileProfile()) either…
Azure Sentinel - SQL Audit
Hello, Recently I configured SQL Audit and audit server specifications to collect SQL logs and send them to Application. Also I installed the MMA agent on the SQL server and configured that Event Viewer -> Application logs (MSSQLSERVER) will be delivered to…
Azure Sentinel Azure AD logs
Hello, I have a question about Azure AD logs being sent to Azure Sentinel. I have all prerequisites and connected Azure AD to Azure Sentinel, but I didn't receive any logs and the Azure AD data connector status is What could be the cause?…
Can I trigger playbook from alert Status?
I'm trying to create incidents in ServiceNow whenever an Alert is set to "Active" inside of Sentinel. Is there a playbook trigger for this? Or a way to do this without creating another alert?
Azure Sentinel office 365 Tenant Permissions
Hello, thanks for reading my post. Hopefully this is simple to sort out, but I seem to be going around in circles setting up a test Office 365 and Azure environment - things seem to go well until I ran into this issue following along this…
Azure Sentinel Lookup query logs
Hello, I configured an Azure Sentinel workspace, installed the MMA agent on the DNS server and enabled DNS logging, and added the DNS log event to the workspace configuration. I am receiving logs about DNS dynamic updates but don't get Lookup Query logs. DNS debug…
Automated Response for Microsoft Security Rules | Azure Sentinel
Hello, I have created a playbook to orchestrate an automated response which will trigger an email with the alert details. I'm able to associate the playbook with a scheduled analytics rule; however, I'm unable to associate it with Microsoft Security…
Sentinel Crashing when Running Lookup Search. Trying to find stale Firewall rules.
Hello, I'm trying to implement a lookup search that takes a lookup of all of our firewall rules and correlates it with our firewall data to then output what firewall rules are NOT present in the firewall logs. This is to trim down on any stale firewall…
Defender for Endpoint Users Not in MCAS
Hey! We've onboarded 15 users into Defender for Endpoint. Now that we've got the Sentinel Connector turned on to get the raw logs, we can see these machines/users reporting in. However, only 10 of these users show in the MCAS Cloud Discovery Dashboard.…
[Sentinel] No Azure AD Sign-in logs in my workbook
Hello, I've been trying to use the Azure AD Sign-in logs workbook to see my users' sign-ins and I can't get it to work. I definitely see the Audits but no logins even though there are. At this point I have chosen to display only logins and the…
Azure Sentinel Azure AD logs
Hello, I have a question about Azure Sentinel Azure AD "data connectors". If my Azure Sentinel is in subscription number 2 and I configure Azure Sentinel, I want to install the Azure AD connector to get information from another AD tenant where…
Send syslog server logs to Azure Sentinel through log analytics gateway
Team, I have a scenario where one of our customers wanted to send the syslog data to Sentinel through the Log Analytics gateway. We tried to simulate this in our lab but we were facing issues with the successful installation. Can we have the steps where we can…