Can Azure Sentinel be used for any scenario when we migrate data from ADLS Gen1 to Gen2
We are using Data Factory to migrate data (mostly files in the form of Parquet) from ADLS Gen1 to ADLS Gen2. I am aware that Azure Sentinel can be used for threat detection, protection etc. using the Incidents raised. But can this be used only for this data…
creating additional/custom fields in "CommonSecurityLog" currently stored as e.g. "DeviceCustomString1"
Hi, how can we achieve creating additional fields for logs being processed in "CommonSecurityLog" (https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/commonsecuritylog)? At the moment incoming data gets mapped to fields…
Turning off Azure Security Centre to cut monthly operations cost
How much does it cost for the Azure Security Centre access per month? My security team has already deployed IBM Q-Radar SIEM and wanted to cut the cost of operating Azure cloud, hence I wonder: How much does it cost monthly to run Azure Security…
How to take the Network Security Group (NSG) logs to Azure Sentinel
Hello, I have Azure Sentinel. Kindly suggest the steps for how to forward the NSG (Azure Firewall) logs to Sentinel. Regards, Chandan Prajapati
Windows Firewall
Hello All, kindly suggest how to take the Windows Firewall logs to Sentinel. Thank You
Is it possible to display Sentinel Incidents and Alerts within Azure Dashboards
Hi, I am wondering if I can query the SecurityAlert logs within a Dashboard query? I find the workbooks and the Sentinel Overview screen to not be ideal as a dashboard screen and want to have it all in dashboards
What's the best way to get on-premise Domain Controller Logs into Sentinel?
I'm working to get logs from an on-prem server into Sentinel. Really all I need is visibility into what's going on, and some route to respond to threats so it doesn't necessarily have to be Sentinel but that's what I've been using so far to monitor Azure…
NSG Log to Sentinel
Hello, can anyone provide me the exact process/docs/link for how to enable Azure Firewall (NSG) to Sentinel? Or how to see the (Azure Firewall) NSG logs in Sentinel? Thanks, Rohit
Where is the appliance name/ip when sending Fortigate (CEF) logs to Sentinel?
I have two different Fortigate devices that stream logs to a CEF collector (Linux OMS agent). The agent relays the info to a Log Analytics workspace that has Azure Sentinel, and it does process them. When querying the logs I do not have a way to know from which…
Getting a 500 error when creating an Office 365 data connector by using the Azure API.
Hello, I'm trying to replicate this example and I'm getting a 500 error. Has anybody faced this same issue before? …
Is it possible to create an alert in Azure Sentinel for when a data source stops feeding logs?
I am trying to create an alert query that will let me know if a specific source has not provided logs within 7 days, but I am not sure what syntax would allow for this. It is simple to find entries older than 7 days, but is it possible to alert if…
AI for Covid19
In today's crisis of Covid19, AI will definitely be a key element to be used to further enhance humanity and the health of the world. What would be the best technology to be used?
Looking for a sample event that triggers when one of the existing users has been assigned with "global admin privilege" in office 365
On the SIEM solution (e.g. Azure Sentinel), I am looking to create a correlation rule that will use the event that gets generated when one of the existing users has been assigned the 'global admin' privileges. As I do not have any such instances from…
What happens after free trial for Azure Sentinel expires and what are the trial limits?
Our client wants to try the trial version of Azure Sentinel and is curious what happens after the free trial expires, for example, will he lose access to all features or will he have access to partial free features or will he have access but pay per usage. …
Will Azure Sentinel integrate with my organization’s existing tools?
Will Azure Sentinel integrate with my organization’s existing tools? [Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: Azure Sentinel
What are “Incidents” in Azure Sentinel and how are they different from alerts?
What does it mean when I see a list of new and open incidents in Azure Sentinel? What are incidents in Azure Sentinel and how are they different from alerts? [Note: As we migrate from MSDN, this question has been posted by an Azure Cloud…
Do I need an Azure subscription to use Azure Sentinel?
Do I need an Azure subscription to use Azure Sentinel or can I purchase it as a standalone? [Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: Sentinel FAQ
What is Azure Sentinel, and how does it work?
I want to understand what Azure Sentinel is, and how does it work? [Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question]
How to use AWS CloudWatch Logs and what kind of things we can do with Azure Sentinel and AWS CloudWatch logs
I have successfully connected AWS CloudWatch Logs and it is showing under Threat Management-Workgroups in Sentinel now. So I would like some help as to what kind of query I can run in Sentinel to retrieve any security threats in my AWS environment. My…