Microsoft Sentinel
CEF Installer
I have tried installing cef installer on linux machine - 404 not found error
Can I use [ Threat Intelligence Platforms - BEING DEPRECATED (Preview) ] data connector from threat intelligence solution?
I am using a graph API and need to connect the below-mentioned connector to ingest the indicator, but as it is going to be deprecated, should I use the same method to ingest the indicators? Also, I have a doubt that as mentioned in this data connector's…
Sending incident from Sentinel to Teams
Hi, I'm struggling with some very simple automation where Sentinel incidents should be forwarded to Teams channel. In SOAR Essentials there are two solutions for this: Post Message to Teams and Send Adaptive Card. The first is simpler, it uses Microsoft…
Can I use Graph API of tiIndicator: submitTiIndicators in my data connector which I am going to publish on azure portal?
Can I use the below-mentioned graph API in a production environment for creating TI indicator on Sentinel using a data connector? https://learn.microsoft.com/en-us/graph/api/tiindicator-submittiindicators?view=graph-rest-beta&tabs=http
Azure Active Directory Identity Protections Risk Detections not all integrate into 365 Defender for identity
Hi, We have enabled "User report suspicious activities" in the Azure AD Multi-Factor Authentication settings. We do have a user report fraud via authenticator. And Azure Active Directory Identity Protections Risk Detections triggered…
Give Sentinel permissions to run playbooks Failure
Hello, I'm unable to assign a playbook to an automation rule that I've created in Azure Sentinel, due to lack of permissions. The error message is the following: Successfully added permissions to 0 of 1 resource groups. Failure reason: The client…
how to have logs sent from multiple different non connected azure and aws tenants to one instance of Azure Sentinel
I have 1 main tenant with our Azure Arc and Azure Sentinel instance. I need to get all the machines on several non connected Azure and AWS tenants to send their logging to our Azure Sentinel. No VPNs are allowed between the tenants. Azure Arc will work…
Kusto Query searching for when an Entra ID user account has been enabled and after that, the password has been reset on that account
I am trying to write a Kusto query to search for when a user account has been enabled and after that, the password has been reset on that account. I have got this far, but still not sure if this is right, I would love someone to help me please! let…
Your message wasn't delivered because the recipient's email provider rejected it.
Hi, I'm trying to report a scam email to the fraud police but keep getting the error when forwarding it. I tried through the Outlook Android app and on outlook.com on Firefox browser. Sorry for incorrect tag. I couldn't find outlook email :(
Azure Sentinel does not find Log Analytics Workspace
I'm trying to create a new Sentinel environment. I have a Partner subscription to Azure and I've created another one. I've created in both subscriptions a workspace and an instance of Log Analytics. No one seems to be connected to Sentinel
How to provide checkbox selection in parameters section of ARM Template for a parameter
I have a use case where I need to provide checkbox selection to user for filling parameter values in Azure Resource Manager Template of Data Connector/ Playbook (Azure Logic Apps). I have tried to provide type=array while providing allowedValues but it is…
HAVING MY SYSLOG SERVER IN AZURE CLOUD FOR ONPREM MERAKI
This article https://learn.microsoft.com/en-us/azure/sentinel/connect-syslog describes the collection of syslog from Linux-based devices like my Meraki devices. However, the current architecture requires the use of a VM on-prem which will allow the log…
Microsoft Sentinel | Data connector won't disconnect
Hi, I've currently got these data connectors: I want to disconnect the following: When I open the connector page on Defender for Endpoint etc, everything is disabled, see below: The same with Defender XDR: The same with Threat…
Export and Import Saved Queries and Functions from one Sentinel Workspace to Another
What are the ways to export and import Saved Queries and Functions from one sentinel workspace to another? The only reference I have is this one:…
How to connect jumpcloud data connector in sentinel using azure functions
I'm trying to connect the jump cloud data connector, but no such data connector is available in the connectors, and I learned that I have to use Azure functions to fetch the jump cloud data to sentinel. Can someone good at it help me with any articles or…
Microsoft graph Security connector Error
Hello, I configure logic Apps that can create tiindicator. So, I used Microsoft graph Security connector and I made App (has ThreatIndicators.ReadWrite.OwnedBy) { "error": { "code": "UnknownError", …
E3 vs E5 from a security perspective: Unified XDR/SIEM
Hi, A customer with E5 wants to downgrade to E3. Currently, he has XDR services (All Defenders) and Sentinel. Will he lose any services during the downgrade process?
Sentinel Analytic Rule Query Cannot Resolved Table
Hi- This was a working analytic rule for couple days now, but today when I tried to edit the rule, I encountered the "Failed to resolve table expression name" error. The table exists and workspace has no problem resolving it, but analytic rule…
Atlassian Confluence Audit Connector Not Sending Log Data To Microsoft Sentinel
Hi- I deployed the Atlassian Confluence Audit Connector for Microsoft Sentinel via Azure Functions following this article (https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/atlassian-confluence-audit-using-azure-functions). However, in…
how to configure Microsoft Copilot logs are ingested automatically to the Azure Sentinel?
Hi Fams, Could I get some assistance with configuring copilot logs into azure sentinel. Thanks,