980 questions with Microsoft Sentinel tags

0 answers

possible query to filter data from PCAP in Sentinel.

What would be a possible query to capture the PCAP data in Sentinel?

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
980 questions
asked 2020-08-19T13:58:16.333+00:00
Uma 1 Reputation point
commented 2020-08-21T17:08:38.607+00:00
Saurabh Sharma 23,751 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Can Azure Sentinel be used for any scenario when we migrate data from ADLS Gen1 to Gen2

We are using Data Factory to migrate data (mostly files in the form of Parquet) from ADLS Gen1 to ADLS Gen2. I am aware that Azure Sentinel can be used for threat detection, protection etc. using the Incidents raised. But can this be used only for this data…

Microsoft Sentinel
asked 2020-08-07T12:40:16.34+00:00
Vaibhav Chaudhari 38,601 Reputation points
accepted 2020-08-19T14:45:28.08+00:00
Vaibhav Chaudhari 38,601 Reputation points
0 answers

creating additional/custom fields in "CommonSecurityLog" currently stored as e.g. "DeviceCustomString1"

Hi, how can we achieve creating additional fields for logs being processed in "CommonSecurityLog" (https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/commonsecuritylog)? At the moment incoming data gets mapped to fields…

Microsoft Sentinel
asked 2020-08-10T11:38:08.54+00:00
Peter Schönegger 21 Reputation points
commented 2020-08-12T18:17:36.343+00:00
Marilee Turscak-MSFT 33,951 Reputation points Microsoft Employee
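As an added example (not part of the question above, and not Microsoft's own code): one KQL pattern for working with the generic custom slots in CommonSecurityLog. It assumes the CEF sender populates the DeviceCustomStringNLabel / DeviceCustomNumberNLabel columns; the label names "srcDomain" and "policyName" are hypothetical placeholders.

```kql
// Added example, not from the original question or from Microsoft.
// CommonSecurityLog stores vendor-specific CEF extensions in fixed slots
// (DeviceCustomString1..6, DeviceCustomNumber1..3), each with a matching
// *Label column that says what the slot means. Re-key on the label so the
// query still works if the vendor moves a field to a different slot.
CommonSecurityLog
| where TimeGenerated > ago(1h)
| extend Custom = pack(
    coalesce(DeviceCustomString1Label, "cs1"), DeviceCustomString1,
    coalesce(DeviceCustomString2Label, "cs2"), DeviceCustomString2,
    coalesce(DeviceCustomString3Label, "cs3"), DeviceCustomString3,
    coalesce(DeviceCustomString4Label, "cs4"), DeviceCustomString4,
    coalesce(DeviceCustomNumber1Label, "cn1"), DeviceCustomNumber1,
    coalesce(DeviceCustomNumber2Label, "cn2"), DeviceCustomNumber2)
// Hypothetical label names; use the labels your appliance actually sends
// (check with: CommonSecurityLog | summarize count() by DeviceCustomString1Label).
| extend SourceDomain = tostring(Custom["srcDomain"]),
         PolicyName   = tostring(Custom["policyName"])
| project TimeGenerated, DeviceVendor, DeviceProduct, SourceIP, DestinationIP,
          SourceDomain, PolicyName, Custom
```

Saving this query as a Log Analytics function gives the rest of the workspace (analytics rules, workbooks, hunting queries) a table-like view with the named columns, without changing what is ingested. CEF extensions that the connector has no slot for are not lost: they land as key=value text in the AdditionalExtensions column, which can be parsed the same way.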
2 answers

Turning off Azure Security Centre to cut monthly operations cost

How much does it cost for the Azure Security Centre access per month? My security team has already deployed IBM Q-Radar SIEM and wanted to cut the cost of operating Azure cloud, hence I wonder: How much does it cost monthly to run Azure Security…

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,196 questions
Microsoft Sentinel
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,522 questions
asked 2020-07-22T07:41:07.79+00:00
EnterpriseArchitect 4,741 Reputation points
commented 2020-08-01T10:27:48.307+00:00
Ken Golitin 21 Reputation points
1 answer

How to take the Network Security Group(NSG) logs to Azure Sentinel

Hello, I have Azure Sentinel. Kindly suggest the steps for how to forward the NSG (Azure Firewall) logs to Sentinel. Regards, Chandan Prajapati

Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
567 questions
Microsoft Sentinel
asked 2020-07-18T19:15:54.85+00:00
Anonymous
commented 2020-07-30T23:00:48.757+00:00
Marilee Turscak-MSFT 33,951 Reputation points Microsoft Employee
2 answers

Windows Firewall

Hello All, kindly suggest how to take the Windows Firewall logs to Sentinel. Thank you.

Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets. Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,755 questions
Microsoft Sentinel
asked 2020-07-23T06:19:36.093+00:00
Rohit 1 Reputation point
commented 2020-07-29T07:41:36.12+00:00
Cherry Zhang (Shanghai Wicresoft) 11 Reputation points
1 answer

Is it possible to display Sentinel Incidents and Alerts within Azure Dashboards

Hi, I am wondering if I can query the SecurityAlert logs within a Dashboard query? I find the workbooks and the Sentinel Overview screen to not be ideal as a dashboard screen and want to have it all in dashboards.

Microsoft Sentinel
asked 2020-07-22T01:13:08.123+00:00
Cal 1 Reputation point
commented 2020-07-27T21:01:10.917+00:00
JamesTran-MSFT 36,371 Reputation points Microsoft Employee
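As an added example (not part of the question above, and not Microsoft's own code): a Log Analytics query over the Sentinel incident table that is suitable for pinning to an Azure dashboard. It assumes the workspace has Sentinel enabled, so that the SecurityIncident table exists.

```kql
// Added example, not from the original question or from Microsoft.
// SecurityIncident writes one row per incident *update*, so counting rows
// directly over-reports. Keep only the latest row per incident first, then
// aggregate the current open incidents by severity for a dashboard tile.
SecurityIncident
| where TimeGenerated > ago(30d)
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
| where Status != "Closed"
| summarize OpenIncidents = count() by Severity
| render barchart
```

Run it from Logs in the workspace and use "Pin to dashboard"; the render clause is what the pinned tile displays. The same arg_max step applies when the tile is built from SecurityAlert, which also receives a new row when an alert's status changes.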
1 answer One of the answers was accepted by the question author.

What's the best way to get on-premise Domain Controller Logs into Sentinel?

I'm working to get logs from an on-prem server into Sentinel. Really all I need is visibility into what's going on, and some route to respond to threats so it doesn't necessarily have to be Sentinel but that's what I've been using so far to monitor Azure…

Microsoft Sentinel
asked 2020-07-23T15:17:53.777+00:00
Sam C 46 Reputation points
commented 2020-07-23T19:24:37.28+00:00
Sam C 46 Reputation points
2 answers

NSG Log to Sentinel

Hello, can anyone provide me the exact process/docs/link for how to enable Azure Firewall (NSG) to Sentinel? Or how to see the Azure Firewall (NSG) logs in Sentinel. Thanks, Rohit

Azure Firewall
Microsoft Sentinel
asked 2020-07-20T07:14:04.533+00:00
Rohit 1 Reputation point
commented 2020-07-21T16:21:55.867+00:00
Rohit 1 Reputation point
2 answers

Where is the appliance name/ip when sending Fortigate (CEF) logs to Sentinel?

I have two different FortiGates that stream logs to a CEF collector (Linux OMS agent). The agent relays the info to a Log Analytics workspace that has Azure Sentinel, and it does process them. When querying the logs I do not have a way to know from which…

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,804 questions
Microsoft Sentinel
asked 2020-06-11T04:27:53.417+00:00
Juan Orjuela 1 Reputation point
commented 2020-07-20T15:30:50.527+00:00
Saurabh Sharma 23,751 Reputation points Microsoft Employee
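As an added example (not part of the question above, and not Microsoft's or Fortinet's own code): a KQL query that shows which CommonSecurityLog columns actually carry the identity of each appliance when several devices share one CEF collector. It assumes the FortiGates send CEF with DeviceVendor "Fortinet"; which columns end up populated depends on the appliance's CEF header and extensions, so the query surfaces all candidates rather than assuming one.

```kql
// Added example, not from the original question or from Microsoft/Fortinet.
// With a shared collector, Computer is the *collector* host for every row.
// The appliance's own identity has to come from the CEF payload: DeviceName
// and DeviceAddress (from the dvchost / dvc extensions) or DeviceExternalID
// (the deviceExternalId extension, which is where a FortiGate serial number
// typically lands). Group on all of them to see which ones are filled in.
CommonSecurityLog
| where TimeGenerated > ago(24h)
| where DeviceVendor == "Fortinet"
| summarize Events = count(), LastSeen = max(TimeGenerated)
    by Collector = Computer, DeviceName, DeviceAddress, DeviceExternalID
| order by Events desc
```

If every one of those columns is blank for both appliances, look in AdditionalExtensions, which holds the key=value pairs the connector did not map to a named column; the device identifier is usually there under the vendor's own key name.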
0 answers

Getting a 500 error when creating an Office 365 data connector by using the Azure API

Hello, I'm trying to replicate this example and I'm getting a 500 error. Has anybody faced this same issue before? …

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,759 questions
Microsoft Sentinel
asked 2020-07-17T04:57:31.91+00:00
Camilo 1 Reputation point
commented 2020-07-18T00:16:47.253+00:00
Saurabh Sharma 23,751 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Is it possible to create an alert in Azure Sentinel for when a data source stops feeding logs?

I am trying to create an alert query that will let me know if a specific source has not provided logs within 7 days, but I am not sure what syntax would allow for this. It is simple to find entries older than 7 days, but is it possible to alert if…

Azure Monitor
Microsoft Sentinel
asked 2020-06-18T16:10:30.507+00:00
Corey 21 Reputation points
commented 2020-06-18T16:36:57.77+00:00
Corey 21 Reputation points
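As an added example (not part of the question above, and not Microsoft's own code): a KQL query for a scheduled analytics rule that fires when a source that used to report has gone quiet. It is written over three common tables (CommonSecurityLog, Syslog, SecurityEvent), which is an assumption; swap in whichever tables the sources feed.

```kql
// Added example, not from the original question or from Microsoft.
// The trap: a query that only looks at the last 7 days never sees a source
// that stopped 8 days ago, so there is nothing to alert on. Look back over a
// longer window than the silence threshold, take each source's latest event,
// and keep the ones whose latest event is older than the threshold.
let lookback  = 14d;   // Sentinel scheduled rules cap the query period at 14 days
let threshold = 7d;
union withsource = SourceTable CommonSecurityLog, Syslog, SecurityEvent
| where TimeGenerated > ago(lookback)
| summarize LastSeen = max(TimeGenerated), Events = count() by SourceTable, Computer
| where LastSeen < ago(threshold)
| extend SilentFor = now() - LastSeen
| order by SilentFor desc
```

Schedule the rule to run daily with the lookup period set to 14 days and the alert threshold "greater than 0 results". Because the lookback is capped, a source silent for longer than 14 days drops out of the result set again; the first alert is the one that matters, or the list of expected sources can be kept in a watchlist and joined against instead.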
2 answers

AI for Covid19

In today's crisis of Covid19, AI will definitely be a key element used to further enhance humanity and the health of the world. What would be the best technology to be used?

Azure AI Speech
An Azure service that integrates speech processing into apps and services.
1,395 questions
Azure AI Personalizer
An Azure artificial intelligence service that enables applications to personalize user experiences by learning from collective real-time user behavior.
32 questions
Microsoft Sentinel
asked 2020-06-13T16:23:12.55+00:00
Mulia Dewi Karnadi 1 Reputation point
answered 2020-06-15T12:00:02.453+00:00
romungi-MSFT 42,206 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Looking for a sample event that triggers when one of the existing users has been assigned with "global admin privilege" in office 365

On the SIEM solution (e.g. Azure Sentinel), I am looking to create a correlation rule that will use the event that gets generated when one of the existing users has been assigned the 'global admin' privileges. As I do not have any such instances from…

Microsoft Sentinel
asked 2020-06-11T11:03:17.133+00:00
Venkatesh 36 Reputation points
accepted 2020-06-14T21:29:04.38+00:00
Venkatesh 36 Reputation points
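As an added example (not part of the question above, and not Microsoft's own code): a KQL query that surfaces Global Administrator assignments from the Azure AD audit log. It assumes the Azure Active Directory data connector is enabled so that AuditLogs is populated; the Office 365 connector's OfficeActivity table is not where this event lands.

```kql
// Added example, not from the original question or from Microsoft.
// A role assignment is an "Add member to role" audit event. The role name is
// not a top-level column: it sits in TargetResources[].modifiedProperties[]
// as displayName "Role.DisplayName" with a JSON-encoded newValue, so the
// query expands both arrays and strips the surrounding quotes.
AuditLogs
| where TimeGenerated > ago(7d)
| where OperationName == "Add member to role"
| mv-expand TargetResources
| extend TargetUser = tostring(TargetResources.userPrincipalName)
| mv-expand ModifiedProperty = TargetResources.modifiedProperties
| where tostring(ModifiedProperty.displayName) == "Role.DisplayName"
| extend RoleName = trim('"', tostring(ModifiedProperty.newValue))
// "Company Administrator" is the directory's legacy name for Global Administrator
| where RoleName in ("Global Administrator", "Company Administrator")
| extend Actor = coalesce(tostring(InitiatedBy.user.userPrincipalName),
                          tostring(InitiatedBy.app.displayName))
| project TimeGenerated, Actor, TargetUser, RoleName, Result, CorrelationId
```

To produce a sample event for testing the rule, assign the role to a test account in a non-production tenant and wait for the audit entry to arrive in AuditLogs; the row it generates is the event the rule keys on.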
2 answers One of the answers was accepted by the question author.

What happens after free trial for Azure Sentinel expires and what are the trial limits?

Our client wants to try trial version of Azure Sentinel and is curious what happens after free trial expires, for example, will he lose access to all features or will he have access to partial free features or he'll have access but will pay per usage. …

Microsoft Sentinel
asked 2020-06-01T13:31:22.81+00:00
groupireum 21 Reputation points
commented 2020-06-02T22:48:51+00:00
Saurabh Sharma 23,751 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Will Azure Sentinel integrate with my organization’s existing tools?

Will Azure Sentinel integrate with my organization’s existing tools? [Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: Azure Sentinel

Microsoft Sentinel
asked 2020-05-06T20:42:37.847+00:00
Saurabh Sharma 23,751 Reputation points Microsoft Employee
accepted 2020-05-06T22:09:44.913+00:00
Saurabh Sharma 23,751 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

What are “Incidents” in Azure Sentinel and how are they different from alerts?

What does it mean when I see a list of new and open incidents in Azure Sentinel? What are incidents in Azure Sentinel and how are they different from alerts? [Note: As we migrate from MSDN, this question has been posted by an Azure Cloud…

Microsoft Sentinel
asked 2020-05-06T20:45:18.433+00:00
Marilee Turscak-MSFT 33,951 Reputation points Microsoft Employee
accepted 2020-05-06T20:56:24.463+00:00
Marilee Turscak-MSFT 33,951 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Do I need an Azure subscription to use Azure Sentinel?

Do I need an Azure subscription to use Azure Sentinel, or can I purchase it as a standalone? [Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: Sentinel FAQ

Microsoft Sentinel
asked 2020-05-06T20:38:22.937+00:00
Marilee Turscak-MSFT 33,951 Reputation points Microsoft Employee
accepted 2020-05-06T20:52:28.65+00:00
Marilee Turscak-MSFT 33,951 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

What is Azure Sentinel, and how does it work?

I want to understand what Azure Sentinel is and how it works. [Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question]

Microsoft Sentinel
asked 2020-05-06T20:40:44.733+00:00
Saurabh Sharma 23,751 Reputation points Microsoft Employee
accepted 2020-05-06T20:51:37.623+00:00
Saurabh Sharma 23,751 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

How to use AWS Cloudwatch Logs and what kind of things we can do with Azure Sentinel and AWS Cloudwatch logs

I have connected AWS CloudWatch Logs successfully and it is showing under Threat Management-Workgroups in Sentinel now. So I would like some help as to what kind of query I can run in Sentinel to retrieve any security threats in my AWS environment. My…

Microsoft Sentinel
asked 2019-11-27T19:28:53.003+00:00
Pallab Chakraborty 401 Reputation points
accepted 2019-12-13T02:30:45.123+00:00
Pallab Chakraborty 401 Reputation points