Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
976 questions
1 answer
One of the answers was accepted by the question author.
Secure Sentinnel | Issues from Web Application \ Windows Application
Hello, We are using Azure Secure Sentinnel on our Azure platform. We are setting up a data centre with Firewall, VNET, WVD, VM across subscriptions. In one of the Windows Server 2019, we are going to host a Web Application, Web API & also a…
asked 2020-10-30T07:54:00.513+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 95%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Prasenna Kannan
436
Reputation points
accepted 2020-11-01T22:13:09.433+00:00
Prasenna Kannan
436
Reputation points
0 answers
How to prev()
Hello! How do I use prev() to return only results of the same UserDisplayName of the current log? Running the search below gives unexpected output (negative time_between_logins) and the previous log seems to be tied to a different user. Any…
asked 2020-10-15T14:49:24.17+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 38%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Ashley Van
1
Reputation point
commented 2020-10-28T14:41:38.353+00:00
Clive Watson - MSFT
106
Reputation points
1 answer
Azure Sentinel & Indegy - Dataconnection , custom queries
Any one can share experience in integrating Azure Sentinel & Indegy please!
asked 2020-10-27T14:09:39.457+00:00
Murali Chillakuru
1
Reputation point Microsoft Employee
answered 2020-10-27T20:25:39.95+00:00
James Hamil
21,696
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Azure Pen Test
Hi, does Azure has available reports of its own Pen Test or Red Teaming test?
asked 2020-10-26T21:40:37.367+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 1%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAP%3C/text%3E%3C/svg%3E)
Alessandra Pluchino
21
Reputation points
answered 2020-10-27T14:27:32.103+00:00
Alessandra Pluchino
21
Reputation points
1 answer
Log analytics agent - disrupted internet connection
In the event that the log analytics agent fails to connect to Azure Sentinel (no/disrupted internet connection for example), will the LA Agent hold the logs whilst the connection is down and post to Sentinel when a connection is re-established? Or are…
asked 2020-10-21T14:00:17.393+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 15%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGG%3C/text%3E%3C/svg%3E)
gary gibson
1
Reputation point
commented 2020-10-22T23:02:03.403+00:00
JamesTran-MSFT
36,371
Reputation points Microsoft Employee
2 answers
Azure SecurityCenter
Hello All, What is the advantages of integration(enabling) of Azure Security Center with Sentinel? What kind of rule we can enable on sentinel for Azure Security Center? Thank You Rohit
asked 2020-07-21T16:19:44.817+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 8%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Rohit
1
Reputation point
answered 2020-10-21T12:52:37.373+00:00
Jaehong Lee_sb339
1
Reputation point
1 answer
One of the answers was accepted by the question author.
How to add in Sentinel a tenant from Office 365?
The options for MSPS and CSPs to add new tenants to their own Sentinel workspace seems to be a bit of mystery, unless you are using Azure Lighthouse. This is a very common scenario, where the customer has only an Office 365 subscription and no other…
asked 2020-10-13T20:12:48.367+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 39%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Michael Deacon
21
Reputation points
accepted 2020-10-20T02:06:28.343+00:00
Michael Deacon
21
Reputation points
1 answer
One of the answers was accepted by the question author.
Windows Virtual Desktop Service | Secure Sentinnel | Australia Region
Hello, We are using Azure for our data migration activities. As part of it, we are planning to use Windows Virtual Desktop \ Azure Sentinnel. Based on the products available by region, I can see that Windows Virtual Desktop & Azure Sentinnel is…
asked 2020-10-13T08:21:43.037+00:00
Prasenna Kannan
436
Reputation points
accepted 2020-10-14T21:59:18.45+00:00
Prasenna Kannan
436
Reputation points
1 answer
How to create a playbook in Azure Sentinel that detects, alerts, and removes email forwarding rule(s) from Office 365?
Hi All, I would like to know how to create an Azure Sentinel playbook that does the following: Detects email forwarding rule(s) in Office 365 If there are any, delete the forwarding rule(s) sends an alert email to the admin(s) regarding the…
asked 2020-09-28T17:21:08.89+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 8%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMW%3C/text%3E%3C/svg%3E)
Muhammad Waqar
1
Reputation point
commented 2020-10-05T18:19:43.837+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
22,856
Reputation points Microsoft Employee
1 answer
Send AWS CloudWatch events to Azure Sentinel
Have anyone made it possible to send AWS CloudWatch events to Azure Sentinel? Can you please share you setup process?
asked 2020-09-24T09:54:59.23+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 49%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Adi Dibra
1
Reputation point
answered 2020-09-28T13:36:21.43+00:00
Clive Watson - MSFT
106
Reputation points
1 answer
Manage security alerts in M365 Security Center or Sentinel or separately?
I am having some questions and would like to receive opinions that can contribute. I have the solutions in my environment and I'm in doubt about how to centralize everything. I have Azure Sentinel receiving the Defender Atp, MCASB, Azure ATp,…
asked 2020-09-15T19:59:12.027+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 0%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Luizao_f
1
Reputation point
commented 2020-09-25T23:42:59.013+00:00
JamesTran-MSFT
36,371
Reputation points Microsoft Employee
1 answer
Powershell Script to add connectors to Azure Sentinel
Hi Team, Is there any way to automate the process(powershell or Json scripts/code) to add following data connectors to sentinel. -Azure Active Directory -Azure Activity -Azure Security Centre -Security Events I did not get any commands/code…
asked 2020-09-14T11:29:43.873+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 97%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Ankush Chauhan
1
Reputation point
commented 2020-09-25T23:42:30.85+00:00
JamesTran-MSFT
36,371
Reputation points Microsoft Employee
1 answer
Sentinel 'Events and alerts over time' graph
Hi all, Let me start by thanking you in advance and being honest that I am very new to Sentinel. I've deployed a few Windows Firewall Data Connectors, Over the past few hours. However, the graph under the 'Workspace' for these machines looks odd.…
asked 2020-09-22T15:00:06.283+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 83%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENQ%3C/text%3E%3C/svg%3E)
Niall Quinn
1
Reputation point
commented 2020-09-25T23:41:43.053+00:00
JamesTran-MSFT
36,371
Reputation points Microsoft Employee
0 answers
Azure Sentinel - Active Directory Connector show different info about log-ins than Azure Active Directory logs in
Yesterday I've chatted with Microsoft's support engineer from the "new support request" in our Log Analytics workspace. The engineer suggested me to write a question here. My issue is: when I go to my Azure Active Directory >…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 14.000000000000002%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDI%3C/text%3E%3C/svg%3E)
1 answer
Email/Phone Indicators in Account Entity Types
Hi There, As Sentinel supports only four entity types - Account 2. IP 3. Host 4. URL Can we use Email or Phone Number in the logs and map it to Account Entity Type?
asked 2020-08-18T13:23:07.837+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 99%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVR%3C/text%3E%3C/svg%3E)
Venkat Rambatla
1
Reputation point
commented 2020-08-25T22:56:16.797+00:00
JamesTran-MSFT
36,371
Reputation points Microsoft Employee
2 answers
Behavior Analytics
Hello All, Kindly any one give me some details about behavior analytics. If i enable it then what is the benefit of this service. Is this chargeable?
asked 2020-08-23T05:54:32.34+00:00
Rohit
1
Reputation point
answered 2020-08-25T22:08:01.323+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 44%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Saurabh Sharma
23,676
Reputation points Microsoft Employee
0 answers
possible query to filter data from PCAP in Sentinel.
What would be possible query to capture the pcap data in sentinel.
asked 2020-08-19T13:58:16.333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 69%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
Uma
1
Reputation point
commented 2020-08-21T17:08:38.607+00:00
Saurabh Sharma
23,676
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Can Azure Sentinal be used for any scenario when we migrate data from ADLS Gen1 to Gen2
We are using Data factory to migrate data (mostly files in form of parquet) from ADLS Gen1 to ADLS Gen2. I am aware that Azure sential can be used for thread detection, protection etc using the Incidents raised. But can this be used only for this data…
asked 2020-08-07T12:40:16.34+00:00
Vaibhav Chaudhari
38,576
Reputation points
accepted 2020-08-19T14:45:28.08+00:00
Vaibhav Chaudhari
38,576
Reputation points
0 answers
creating additional/custom fields in "CommonSecurityLog" currently stored as e.g. "DeviceCustomString1"
Hi, how can we achieve creating additional fields for logs being processed in "CommonSecurityLog" (https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/commonsecuritylog)? At the moment incoming data gets mapped to fields…
asked 2020-08-10T11:38:08.54+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 34%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Peter Schönegger
21
Reputation points
commented 2020-08-12T18:17:36.343+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT
33,801
Reputation points Microsoft Employee
2 answers
Turning off Azure Security Centre to cut monthly operations cost
How much does it cost for the Azure Security Centre access per month? My security team has already deployed IBM Q-Radar SIEM and wanted to cut the cost of operating Azure cloud, hence I wonder: How much does it cost monthly to run Azure Security…
asked 2020-07-22T07:41:07.79+00:00
EnterpriseArchitect
4,741
Reputation points
commented 2020-08-01T10:27:48.307+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 66%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)
Ken Golitin
21
Reputation points