Secure Sentinel | Issues from Web Application \ Windows Application
Hello, We are using Azure Secure Sentinel on our Azure platform. We are setting up a data centre with Firewall, VNET, WVD, VM across subscriptions. In one of the Windows Server 2019 machines, we are going to host a Web Application, Web API & also a…
How to prev()
Hello! How do I use prev() to return only results of the same UserDisplayName of the current log? Running the search below gives unexpected output (negative time_between_logins) and the previous log seems to be tied to a different user. Any…
Azure Sentinel & Indegy - Dataconnection , custom queries
Can anyone share experience in integrating Azure Sentinel & Indegy, please?
Azure Pen Test
Hi, does Azure have available reports of its own Pen Test or Red Teaming test?
Log analytics agent - disrupted internet connection
In the event that the log analytics agent fails to connect to Azure Sentinel (no/disrupted internet connection for example), will the LA Agent hold the logs whilst the connection is down and post to Sentinel when a connection is re-established? Or are…
Azure SecurityCenter
Hello All, What are the advantages of integrating (enabling) Azure Security Center with Sentinel? What kind of rules can we enable on Sentinel for Azure Security Center? Thank You Rohit
How to add in Sentinel a tenant from Office 365?
The options for MSPs and CSPs to add new tenants to their own Sentinel workspace seem to be a bit of a mystery, unless you are using Azure Lighthouse. This is a very common scenario, where the customer has only an Office 365 subscription and no other…
Windows Virtual Desktop Service | Secure Sentinel | Australia Region
Hello, We are using Azure for our data migration activities. As part of it, we are planning to use Windows Virtual Desktop \ Azure Sentinel. Based on the products available by region, I can see that Windows Virtual Desktop & Azure Sentinel is…
How to create a playbook in Azure Sentinel that detects, alerts, and removes email forwarding rule(s) from Office 365?
Hi All, I would like to know how to create an Azure Sentinel playbook that does the following: detects email forwarding rule(s) in Office 365; if there are any, deletes the forwarding rule(s); sends an alert email to the admin(s) regarding the…
Send AWS CloudWatch events to Azure Sentinel
Has anyone made it possible to send AWS CloudWatch events to Azure Sentinel? Can you please share your setup process?
Manage security alerts in M365 Security Center or Sentinel or separately?
I have some questions and would like to receive opinions that can contribute. I have the solutions in my environment and I'm in doubt about how to centralize everything. I have Azure Sentinel receiving Defender ATP, MCASB, Azure ATP,…
PowerShell Script to add connectors to Azure Sentinel
Hi Team, Is there any way to automate the process (PowerShell or JSON scripts/code) to add the following data connectors to Sentinel: Azure Active Directory, Azure Activity, Azure Security Centre, Security Events? I did not get any commands/code…
Sentinel 'Events and alerts over time' graph
Hi all, Let me start by thanking you in advance and being honest that I am very new to Sentinel. I've deployed a few Windows Firewall Data Connectors over the past few hours. However, the graph under the 'Workspace' for these machines looks odd.…
Azure Sentinel - Active Directory Connector shows different info about log-ins than Azure Active Directory sign-in logs
Yesterday I chatted with a Microsoft support engineer from the "new support request" in our Log Analytics workspace. The engineer suggested that I write a question here. My issue is: when I go to my Azure Active Directory >…
Email/Phone Indicators in Account Entity Types
Hi There, As Sentinel supports only four entity types (1. Account, 2. IP, 3. Host, 4. URL), can we use Email or Phone Number in the logs and map it to the Account entity type?
Behavior Analytics
Hello All, Kindly, can anyone give me some details about behavior analytics? If I enable it, what is the benefit of this service? Is this chargeable?
Possible query to filter data from PCAP in Sentinel
What would be a possible query to capture the PCAP data in Sentinel?
Can Azure Sentinel be used for any scenario when we migrate data from ADLS Gen1 to Gen2?
We are using Data Factory to migrate data (mostly files in the form of parquet) from ADLS Gen1 to ADLS Gen2. I am aware that Azure Sentinel can be used for threat detection, protection etc. using the Incidents raised. But can this be used only for this data…
creating additional/custom fields in "CommonSecurityLog" currently stored as e.g. "DeviceCustomString1"
Hi, how can we create additional fields for logs being processed in "CommonSecurityLog" (https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/commonsecuritylog)? At the moment incoming data gets mapped to fields…
Turning off Azure Security Centre to cut monthly operations cost
How much does it cost for the Azure Security Centre access per month? My security team has already deployed IBM Q-Radar SIEM and wanted to cut the cost of operating Azure cloud, hence I wonder: How much does it cost monthly to run Azure Security…