Sentinel Smart Deployment cannot push CSV file to Azure DevOps
When I deploy content to Sentinel using Azure DevOps, the content deploys successfully, but when smart deployment is enabled, it cannot push the CSV tracking file to the Azure Repo, with the error [Warning] API call failed:…
Update to Python 3.11 got SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))
Hi, after we updated our Sentinel data connector (implemented in an Azure Function) to use Python 3.11 instead of 3.10, we got an SSL error from urllib3 when making API calls: SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify…
Looking for a query to get the following data from Azure Virtual Desktop under a particular host pool
Looking for a query where we can get the following data from Azure Virtual Desktop under a particular host pool. Who has not logged in over the past 30 days? For those who have logged in, how many days did they log in? What is the amount of time users…
Can we send Defender for Cloud's logs to Sentinel's LAW without "Defender for cloud connector" configured in Sentinel?
Question: While deploying Defender for Cloud, if we select the same LAW (workspace) that Sentinel is using, do we still need to configure the Defender for Cloud connector and configure it in Sentinel? In this scenario, do Defender for Cloud and Sentinel's…
Difficulty Identifying Edited Rules in Azure Firewall Logs via KQL
Hello, community! I'm having trouble identifying specific changes to Azure Firewall rules through KQL (Kusto Query Language). After modifying certain firewall rules, I can see that edits have occurred through the firewall’s logs tab (where it shows a…
Logic App to ingest notifications of Azure Monitor alerts into Microsoft Sentinel
Hi, In the alert rule configuration for Azure Monitoring, I need to set up an action group (Logic App) that will forward all alert notifications to Microsoft Sentinel. However, I require assistance with designing a Logic App that meets my needs, as I'm…
How to export a pie chart from MS Defender XDR Advanced Hunting?
Hello everyone, I am trying to export the query result as a pie chart, but there is no such option. Am I missing something, or is it impossible? Thanks! Aleksandar
How to enable Azure Activity Sentinel Data Connector
Hi, I'm trying to enable the Azure Activity Sentinel Data Connector. I've managed to install it, and when I follow the 'Launch Azure Policy Assignment Wizard' it completes successfully; however, the Azure Activity Data Connector never shows 'green/connected'…
How to do a recursive function with KQL
I have a table in Sentinel for all employees. Each line has a name, an employee ID and a direct supervisor ID. I want to be able to give the supervisor ID and, from there, have a recursive loop that will verify all employees who have that supervisor as a…
Sentinel - Summary rules don't send triggered events to destination
I have been exploring summary rules and created a summary rule that has a KQL query. The source is one of my custom tables that has some logs I want to trigger via summary rules and ingest into a custom analytics table. When I try to simulate the KQL query it shows me…
What is the application "Office 365 Management" (AppId 00b41c95-dab0-4487-9791-b9d2c32c80f2) and why is Conditional Access not applied to it?
I am investigating a security incident and I have identified entries in the MS Sentinel SigninLogs table that might be related to the breach with the attributes: AppDisplayName: Office 365 Management AppId:…
How can I configure Microsoft Sentinel to create a new incident instead of adding to an existing one?
I'm facing an issue in Microsoft Sentinel where incidents generated by an analytics rule are automatically closing and merging with an existing "multiple-stage" incident. As shown in the attached screenshot, each new incident created by the…
Cannot enable UEBA feature on Sentinel
Hi, I'm having some issues while trying to enable the UEBA feature in a Sentinel instance. When I try to turn the switch ON, I get the following error message: "Updating the Entity Providers failed". I've seen 2 questions related to this…
'Updating the Entity Providers failed' - Microsoft Sentinel
I'm having some issues while enabling the UEBA feature in a Sentinel instance. When I try to turn the switch ON, I get the following error message: "Updating the Entity Providers failed". I am trying this with a global admin account but still…
How to find existing data connectors of Azure logic app workflow
Hello Team, we are facing an issue with an existing data connector in a Microsoft Sentinel Playbook. We are unable to find the existing data connector at our end. Please help. Thank you.
Can't Import Sentinel Alert Rules
Good morning, I am having difficulty importing Sentinel rules after I deleted old ones. I deleted the old rules on Friday 9/27 at 9am EST and am getting the error: the rule with ID 'xyz' was recently deleted. You need to allow some time before re-using the…
Sentinel duplicate alerts and incidents
In Sentinel we have an alert "User Assigned Privileged Role" and it repeats every hour for a day or two. How do I stop it repeating itself? The rule itself triggers when an administrator changes permissions for another user (or themselves)…
How to Upload Carbon Black Logs and Alerts into Azure Sentinel for Evaluation
I am trying to evaluate how much Azure Sentinel helps my business's security needs. I am particularly interested in seeing how well Azure Sentinel can cluster alerts together. I have taken a small amount of EDR logs and alerts (which are in json format)…
Pagination in MS Sentinel Threat Indicators API
I am using the below endpoint to list Azure Sentinel Threat Indicators. I have about ~350 in the MS Sentinel instance, and when I query the endpoint it gives me the first 100 and also a nextLink value. I query the next set using the nextLink value and…
How can I see the criticality level of a subscription in Azure Sentinel
Generally, we can configure the criticality level of a subscription in the Azure portal, so how can we see such information in Azure Sentinel logs?