976 questions with Microsoft Sentinel tags

0 answers

Microsoft Sentinel CEF Installer

I have tried installing the CEF installer on a Linux machine - 404 Not Found error

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
976 questions
asked 2024-02-20T03:42:37.4466667+00:00
Praveen Ayyasamy 20 Reputation points
commented 2024-02-20T11:54:43.84+00:00
Praveen Ayyasamy 20 Reputation points
2 answers

Can I use [ Threat Intelligence Platforms - BEING DEPRECATED (Preview) ] data connector from threat intelligence solution?

I am using a Graph API and need to connect the below-mentioned connector to ingest the indicators, but as it is going to be deprecated, should I use the same method to ingest the indicators? Also I have a doubt that, as mentioned in this data connector's…

Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,593 questions
Microsoft Sentinel
asked 2023-07-27T12:57:09.4833333+00:00
Bharvi Bhut 181 Reputation points
answered 2024-02-19T17:20:53.6066667+00:00
Fiona Matu 81 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Sending incident from Sentinel to Teams

Hi, I'm struggling with some very simple automation where Sentinel incidents should be forwarded to a Teams channel. In SOAR Essentials there are two solutions for this: Post Message to Teams and Send Adaptive Card. The first is simpler; it uses Microsoft…

Microsoft Teams
A Microsoft customizable chat-based workspace.
9,074 questions
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,845 questions
Microsoft Sentinel
asked 2024-02-16T12:10:24.01+00:00
Laszlo Pal 20 Reputation points
commented 2024-02-19T15:26:56.1+00:00
Laszlo Pal 20 Reputation points
1 answer

Can I use the Graph API tiIndicator: submitTiIndicators in my data connector, which I am going to publish on the Azure portal?

Can I use the below-mentioned Graph API in a production environment for creating TI indicators in Sentinel using a data connector? https://learn.microsoft.com/en-us/graph/api/tiindicator-submittiindicators?view=graph-rest-beta&tabs=http

Microsoft Graph
Microsoft Sentinel
asked 2023-07-27T06:08:20.56+00:00
Bharvi Bhut 181 Reputation points
answered 2024-02-18T13:54:02.53+00:00
Fiona Matu 81 Reputation points Microsoft Employee
0 answers

Azure Active Directory Identity Protection Risk Detections not all integrate into 365 Defender for Identity

Hi, we have enabled "User report suspicious activities" in the Azure AD Multi-Factor Authentication settings. We did have a user report fraud via Authenticator, and Azure Active Directory Identity Protection Risk Detections triggered…

Microsoft Sentinel
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
149 questions
asked 2023-08-10T01:27:42.7566667+00:00
Ao(Jonas) Sun 0 Reputation points
commented 2024-02-18T12:42:13.6466667+00:00
Fiona Matu 81 Reputation points Microsoft Employee
1 answer

Give Sentinel permissions to run playbooks: failure

Hello, I'm unable to assign a playbook to an automation rule that I've created in Azure Sentinel, due to a lack of permissions. The error message is the following: Successfully added permissions to 0 of 1 resource groups. Failure reason: The client…

Microsoft Sentinel
asked 2024-02-12T19:14:58.5+00:00
DA512 20 Reputation points
edited a comment 2024-02-14T18:07:02.2566667+00:00
DA512 20 Reputation points
0 answers

How to have logs sent from multiple different non-connected Azure and AWS tenants to one instance of Azure Sentinel

I have 1 main tenant with our Azure Arc and Azure Sentinel instance. I need to get all the machines on several non-connected Azure and AWS tenants to send their logging to our Azure Sentinel. No VPNs are allowed between the tenants. Azure Arc will work…

Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
321 questions
Microsoft Sentinel
asked 2024-02-13T20:18:00.4+00:00
Darren Phillips 1 Reputation point
commented 2024-02-14T14:59:30.1933333+00:00
Timmy Malmgren 811 Reputation points
1 answer One of the answers was accepted by the question author.

Kusto Query searching for when an Entra ID user account has been enabled and after that, the password has been reset on that account

I am trying to write a Kusto query to search for when a user account has been enabled and, after that, the password has been reset on that account. I have got this far, but I'm still not sure if this is right. I would love someone to help me please! let…

Microsoft Sentinel
asked 2024-02-13T10:15:43.98+00:00
Mark Summers 20 Reputation points
accepted 2024-02-14T08:42:59.0266667+00:00
Mark Summers 20 Reputation points
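
Added example (not part of the question above or of any answer on this page): one way to express the enable-then-reset correlation in KQL against the Entra ID AuditLogs table. The OperationName strings, the 7-day lookback, the 1-hour maximum gap between the two events, and the assumption that the affected user is the first entry in TargetResources are all assumptions to check against your own tenant (run `AuditLogs | distinct OperationName` first). It is written as a standalone hunting query rather than as a published analytics rule.

```kusto
// Added example, not from the original question.
// Assumption: Entra ID audit logs are ingested into the AuditLogs table.
// Assumption: "Enable account" and "Reset user password" / "Reset password (by admin)"
// are the OperationName values in your tenant; verify with
//   AuditLogs | distinct OperationName
let lookback = 7d;           // assumption: how far back to search
let maxGap   = 1h;           // assumption: reset must follow the enable within this window
// Who performed the action: a user UPN if a person did it, otherwise the app name.
let actorOf = (initiatedBy: dynamic) {
    iff(isnotempty(initiatedBy.user.userPrincipalName),
        tostring(initiatedBy.user.userPrincipalName),
        tostring(initiatedBy.app.displayName))
};
let enabled = AuditLogs
    | where TimeGenerated > ago(lookback)
    | where OperationName =~ "Enable account" and Result =~ "success"
    // assumption: the first target resource is the user account that was enabled
    | extend TargetUpn = tostring(TargetResources[0].userPrincipalName)
    | extend EnabledBy = actorOf(InitiatedBy)
    | project EnabledTime = TimeGenerated, TargetUpn, EnabledBy;
let reset = AuditLogs
    | where TimeGenerated > ago(lookback)
    | where OperationName in~ ("Reset user password", "Reset password (by admin)")
        and Result =~ "success"
    | extend TargetUpn = tostring(TargetResources[0].userPrincipalName)
    | extend ResetBy = actorOf(InitiatedBy)
    | project ResetTime = TimeGenerated, TargetUpn, ResetBy;
// Pair every enable with every later reset on the same account, then keep only
// the pairs where the reset happened within maxGap after the enable.
enabled
| join kind=inner (reset) on TargetUpn
| where ResetTime > EnabledTime and ResetTime - EnabledTime <= maxGap
| project EnabledTime, ResetTime,
          GapMinutes = datetime_diff("minute", ResetTime, EnabledTime),
          TargetUpn, EnabledBy, ResetBy
| order by ResetTime desc
```

Ordering the two events explicitly (`ResetTime > EnabledTime`) is what distinguishes "enabled, then reset" from the reverse sequence; the gap filter keeps a routine onboarding weeks earlier from pairing with an unrelated reset. If this is turned into a scheduled analytics rule, replace `ago(lookback)` with a window that matches the rule's lookback so the same pair is not alerted on repeatedly.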
1 answer

Your message wasn't delivered because the recipient's email provider rejected it.

Hi, I'm trying to report a scam email to the fraud police but keep getting the error when forwarding it. I tried through the Outlook Android app and on outlook.com in the Firefox browser. Sorry for the incorrect tag. I couldn't find Outlook email :(

Microsoft Sentinel
asked 2022-10-27T12:20:53.8+00:00
unbuttered toast 1 Reputation point
answered 2024-02-11T00:50:50.2766667+00:00
Bill Clarkson-Antill 5 Reputation points MVP
1 answer One of the answers was accepted by the question author.

Azure Sentinel does not find Log Analytics Workspace

I'm trying to create a new Sentinel environment. I have a Partner subscription to Azure and I've created another one. I've created in both subscriptions a workspace and a Log Analytics instance. None seems to be connected to Sentinel.

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,803 questions
Microsoft Sentinel
asked 2024-01-03T17:24:31.9533333+00:00
Michele Broggi 20 Reputation points
edited the question 2024-02-08T15:10:55.88+00:00
tbgangav-MSFT 10,381 Reputation points
1 answer

How to provide checkbox selection in the parameters section of an ARM Template for a parameter

I have a use case where I need to provide checkbox selection to the user for filling parameter values in an Azure Resource Manager Template of a Data Connector/Playbook (Azure Logic Apps). I have tried to provide type=array while providing allowedValues, but it is…

Azure Logic Apps
Microsoft Sentinel
asked 2024-02-02T17:09:45.16+00:00
Nirali Shah 146 Reputation points
commented 2024-02-06T23:30:09.46+00:00
Mike Urnun 9,666 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Having my syslog server in Azure cloud for on-prem Meraki

This article https://learn.microsoft.com/en-us/azure/sentinel/connect-syslog describes the collection of syslog from Linux-based devices like my Meraki devices. However, the current architecture requires the use of an on-prem VM which will allow the log…

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,129 questions
Microsoft Sentinel
asked 2024-01-31T20:50:53.22+00:00
AO 20 Reputation points
accepted 2024-02-06T22:16:23.19+00:00
AO 20 Reputation points
1 answer

Microsoft Sentinel | Data connector won't disconnect

Hi, I've currently got these data connectors: I want to disconnect the following: When I open the connector page on Defender for Endpoint etc., everything is disabled, see below: The same with Defender XDR: The same with Threat…

Microsoft Sentinel
asked 2024-01-30T08:05:09.4866667+00:00
Andreas Bjelven 130 Reputation points
commented 2024-02-05T14:49:13.4366667+00:00
Andreas Bjelven 130 Reputation points
1 answer One of the answers was accepted by the question author.

Export and Import Saved Queries and Functions from one Sentinel Workspace to Another

What are the ways to export and import Saved Queries and Functions from one Sentinel workspace to another? The only reference I have is this one:…

Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,265 questions
Microsoft Sentinel
asked 2024-02-02T11:59:22.0733333+00:00
Tshabalala, Sifiso S 20 Reputation points
accepted 2024-02-05T12:07:37.79+00:00
Tshabalala, Sifiso S 20 Reputation points
1 answer

How to connect the JumpCloud data connector in Sentinel using Azure Functions

I'm trying to connect the JumpCloud data connector, but no such data connector is available in the connectors, and I learned that I have to use Azure Functions to fetch the JumpCloud data into Sentinel. Can someone good at it help me with any articles or…

Azure Functions
Microsoft Graph
Microsoft Sentinel
asked 2024-01-19T12:38:38.81+00:00
Harish Menti 0 Reputation points
commented 2024-02-01T21:43:41.83+00:00
JamesTran-MSFT 36,371 Reputation points Microsoft Employee
1 answer

Microsoft Graph Security connector error

Hello, I configured a Logic App that can create a tiIndicator. So, I used the Microsoft Graph Security connector and I made an app (which has ThreatIndicators.ReadWrite.OwnedBy) { "error": { "code": "UnknownError", …

Azure Logic Apps
Microsoft Sentinel
asked 2024-01-19T06:31:21.6933333+00:00
mara7 161 Reputation points
commented 2024-02-01T21:25:53.38+00:00
JamesTran-MSFT 36,371 Reputation points Microsoft Employee
1 answer

E3 vs E5 from a security perspective: Unified XDR/SIEM

Hi, a customer with E5 wants to downgrade to E3. Currently, they have XDR services (all Defenders) and Sentinel. Will they lose any services during the downgrade process?

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,194 questions
Microsoft Sentinel
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
103 questions
asked 2024-01-30T19:46:09.0366667+00:00
Riadh Zehani 125 Reputation points
commented 2024-02-01T06:54:24.3433333+00:00
Akshay-MSFT 16,026 Reputation points Microsoft Employee
1 answer

Sentinel Analytic Rule Query Cannot Resolve Table

Hi, this was a working analytic rule for a couple of days now, but today when I tried to edit the rule, I encountered the "Failed to resolve table expression name" error. The table exists and the workspace has no problem resolving it, but the analytic rule…

Microsoft Sentinel
asked 2024-01-30T01:50:27.63+00:00
Yang, Steven 151 Reputation points
commented 2024-01-30T21:19:56.8666667+00:00
Yang, Steven 151 Reputation points
1 answer

Atlassian Confluence Audit Connector Not Sending Log Data To Microsoft Sentinel

Hi, I deployed the Atlassian Confluence Audit Connector for Microsoft Sentinel via Azure Functions following this article (https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/atlassian-confluence-audit-using-azure-functions). However, in…

Azure Functions
Microsoft Sentinel
asked 2024-01-19T22:05:05.6366667+00:00
Wong, Vincent 0 Reputation points
commented 2024-01-30T20:20:14.1633333+00:00
JamesTran-MSFT 36,371 Reputation points Microsoft Employee
1 answer

How to configure Microsoft Copilot logs to be ingested automatically into Azure Sentinel?

Hi Fams, could I get some assistance with configuring Copilot logs into Azure Sentinel? Thanks,

Microsoft Sentinel
Microsoft Copilot for Microsoft 365 Development
Microsoft Copilot for Microsoft 365: Microsoft 365 Copilot refers collectively to Copilot experiences within Microsoft 365 applications. Development: The process of researching, productizing, and refining new or existing technologies.
52 questions
Microsoft Copilot
Microsoft terminology for a universal copilot interface.
125 questions
asked 2024-01-18T22:27:13.99+00:00
Sanjeev Pokhrel 0 Reputation points
edited a comment 2024-01-30T05:57:10.96+00:00
Givary-MSFT 27,966 Reputation points Microsoft Employee