1,005 questions with Microsoft Sentinel tags

1 answer

Custom Data Connector into Sentinel Content-Hub

Hello Microsoft Community, We are planning to build & integrate our custom data connector into the Sentinel Content-Hub to enable data analysis services for our customers who are interested in Azure Sentinel. And our data, which is unique and…

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,005 questions
asked 2024-05-31T01:00:56.8333333+00:00
LXF 20 Reputation points
answered 2024-05-31T13:55:18.13+00:00
Akshay-MSFT 16,676 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

How Do I Configure JSON Items for Different Types of Data Connectors?

Hello, I'm wondering if there are any wiki pages that give an explanation of how to properly configure the data connectors. Thank you! I've been exploring the variety of data connectors available in Azure, such as GenericUI, APIPolling, and others, through…

Microsoft Sentinel
asked 2024-05-30T06:50:41.1533333+00:00
LXF 20 Reputation points
accepted 2024-05-30T23:44:21.3833333+00:00
LXF 20 Reputation points
0 answers

Syslog Transformation DCR not working

I need assistance troubleshooting a Syslog Transformation DCR used with Microsoft Sentinel. The Transformation DCR looks to work correctly in the Create Transformation wizard, but doesn't actually filter out the records. I have a few Syslog/CEF…

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,883 questions
Microsoft Sentinel
asked 2024-05-29T16:03:21.6833333+00:00
Greg Sneed 0 Reputation points
commented 2024-05-30T19:36:20.3433333+00:00
Greg Sneed 0 Reputation points
1 answer One of the answers was accepted by the question author.

The request type when fetching to S3

Hi all, I would like to connect S3 and Microsoft Sentinel. I have a question. ・I think you fetch files from Microsoft Sentinel to S3; is the request type GET? The following is the page to which we…

Microsoft Sentinel
asked 2024-05-27T06:40:15.37+00:00
横田 大和 40 Reputation points
accepted 2024-05-30T00:43:17.62+00:00
横田 大和 40 Reputation points
1 answer One of the answers was accepted by the question author.

Moving Sentinel to a different management group

Hey folks, I know that moving Sentinel from one subscription to a different one is not supported and can break things. Could somebody tell me whether moving a whole subscription that contains a Sentinel instance from one management group to another…

Microsoft Sentinel
asked 2024-05-23T12:30:00.3566667+00:00
Sándor Tőkési 181 Reputation points
accepted 2024-05-29T16:45:31.3066667+00:00
Sándor Tőkési 181 Reputation points
0 answers

Isolate Machine -playbook in Sentinel

Hi, we are trying to create an isolate machine Sentinel incident playbook, but we only get the error message 404 resource not found when running it. Is it possible to use that playbook if machine accounts are synced from on-premises AD, or does it need something…

Microsoft Sentinel
asked 2024-05-28T13:00:53.6866667+00:00
JukkaV 0 Reputation points
commented 2024-05-29T06:04:51.7166667+00:00
JukkaV 0 Reputation points
0 answers

Sentinel - Sophos Endpoint Protection (using REST API) (Preview) - Fails due to trying to create a table with a hyphen!

When trying to configure and deploy the new Sophos API connector for Sentinel, it fails. It looks like it's trying to create a new table called Custom-SophosEPAlerts_CL, but tables cannot contain hyphens, so it needs changing to CustomSophosEPAlerts_CL…

Microsoft Sentinel
asked 2024-05-22T09:34:28.36+00:00
James Grant 0 Reputation points
commented 2024-05-28T12:43:58.3066667+00:00
Andrew Blumhardt 9,601 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Threat Intelligence Sharing

Hi all, Is it possible to use threat intelligence from a third-party solution with Microsoft Sentinel? And if possible, how would you connect them? Custom connectors? Regards,

Microsoft Sentinel
asked 2024-04-23T14:43:59.2633333+00:00
横田 大和 40 Reputation points
accepted 2024-05-27T06:15:28.9033333+00:00
横田 大和 40 Reputation points
1 answer One of the answers was accepted by the question author.

Mismatch in amount of data received in Log Analytics workspace and DCR metrics

I have defined a data collection rule and am using the Logs Ingestion API to send data to 2 custom tables. I have defined diagnostic settings for the DCR such that error logs are sent to the Log Analytics workspace. For about an hour, I have events ingested…

Azure Monitor
Microsoft Sentinel
asked 2024-03-28T07:47:47.7+00:00
Ashwin Venkatesha 230 Reputation points
commented 2024-05-24T10:08:55.81+00:00
Labcorp 0 Reputation points
2 answers

Got 1 Linux Computer Connected via Log Analytics Linux agent (legacy) after clean uninstall of Azure Arc Machines

I got into trouble when I wanted to cleanly uninstall Arc Machine on Ubuntu 22, because when I ran troubleshoot after finishing installing omsagent it said it's not supported on Ubuntu 22. So I want to make another machine with Ubuntu 20; I'm running the command for…

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,318 questions
Microsoft Sentinel
asked 2024-05-21T09:38:44.3633333+00:00
zake 0 Reputation points
commented 2024-05-23T17:46:35.5166667+00:00
deherman-MSFT 34,036 Reputation points Microsoft Employee
1 answer

Retention and archiving cost of non-billable tables

Hey folks I see MS updated this page a few months ago: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-3%2Cportal-1%2Cportal-2#pricing-model This part has been added to the documentation:  "Log data…

Azure Monitor
Microsoft Sentinel
asked 2024-04-29T06:09:12.3466667+00:00
Sándor Tőkési 181 Reputation points
commented 2024-05-23T11:43:27.7533333+00:00
Sándor Tőkési 181 Reputation points
1 answer One of the answers was accepted by the question author.

How to get additional details about MITRE attacks like (mitre_tactic_id, mitre_technique_id, mitre_tactic, mitre_technique, mitre_subTechnique)?

Hello, Greetings of the day. We are using the below endpoint to collect the alerts. These alerts consist of a wide range of data, including mitreTechniques. Further, I would like to know if it is possible to extract more information about MITRE attacks…

Microsoft Sentinel
asked 2024-05-16T06:05:28.6033333+00:00
Vimalkumar Nayak 20 Reputation points
accepted 2024-05-23T06:31:30.8766667+00:00
Vimalkumar Nayak 20 Reputation points
1 answer

Problems with data collectors and syslog

So, I have a task to integrate security logs that are being sent via the syslog protocol, formatted as CEF: https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-syslog-ama?tabs=syslog%2Cportal I do have a Linux VM. It does have the Python…

Microsoft Sentinel
asked 2024-05-13T13:22:19.72+00:00
Mock - 0 Reputation points
commented 2024-05-23T06:14:49.8766667+00:00
Shweta Mathur 28,201 Reputation points Microsoft Employee
1 answer

Upgrade GitHub App Azure-Sentinel

We have been using the Azure-Sentinel GitHub App to synchronize our repository to Sentinel. It's been a while since it was installed, and lately we have been getting the following error: deploy-content Node.js 16 actions are deprecated. Please update…

Microsoft Sentinel
asked 2024-05-20T19:24:19.46+00:00
George Zerphey 136 Reputation points
commented 2024-05-22T22:55:11.67+00:00
Marilee Turscak-MSFT 35,116 Reputation points Microsoft Employee
2 answers

Not allowed to connect Sentinel Data connector with Defender XDR

Hello, I was trying to connect the "Microsoft Defender XDR" connector with "Microsoft Sentinel", but I am facing the below error. I am not sure why Sentinel is not allowing me to establish the XDR connector. As I am the Owner of the…

Microsoft Sentinel
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
163 questions
asked 2024-05-08T12:07:43.2433333+00:00
Karan Bhatt 27 Reputation points
commented 2024-05-22T21:39:19.9566667+00:00
James Hamil 22,436 Reputation points Microsoft Employee
1 answer

Finding classic automation in Sentinel analytics

I have the ability to search through ARM templates for the Sentinel analytics and I'm hoping to find a way to detect the use of classic alert automation. Does anyone know what I should be searching for in the ARM template? We have not used this method,…

Microsoft Sentinel
asked 2024-05-15T18:59:30.75+00:00
George Zerphey 136 Reputation points
commented 2024-05-22T21:27:51.3833333+00:00
James Hamil 22,436 Reputation points Microsoft Employee
1 answer

Azure Activity Log Data Connector Configuration

Hi, Recently, I onboarded Azure Activity by following the instructions on the data connector page and completed the configuration successfully. This process involved creating a policy to send the logs to the Log Analytics workspace. During the setup, I…

Microsoft Sentinel
asked 2024-05-20T08:13:54.5633333+00:00
Someiah C S 60 Reputation points
commented 2024-05-21T10:31:51.9766667+00:00
Someiah C S 60 Reputation points
1 answer One of the answers was accepted by the question author.

Testing Microsoft Defender XDR with Azure Sentinel in a CDX-like Environment

I'm looking to try out Microsoft Defender XDR with Azure Sentinel, but my current setup—a CDX tenant under an E5 subscription—doesn't have an active Azure subscription. Any suggestions for workarounds or similar environments where I can test Microsoft…

Microsoft Sentinel
asked 2024-05-14T06:07:28.7433333+00:00
Avishka Bandarathilaka 20 Reputation points
commented 2024-05-17T10:03:46.94+00:00
Avishka Bandarathilaka 20 Reputation points
4 answers

Caller is missing required playbook triggering permissions on playbook resource

I have created a custom playbook but I get the error: Failed to trigger playbook Caller is missing required playbook triggering permissions on playbook resource…

Microsoft Sentinel
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,943 questions
asked 2023-02-07T06:01:54.6333333+00:00
Robert D. Crane 46 Reputation points MVP
commented 2024-05-16T21:03:26.83+00:00
Anderson Lacruz 0 Reputation points
0 answers

Extensions AMA - Impossible to install agent

Hello, I'm trying to deploy an AMA extension but I'm stuck in "creating" with the following error messages from the Guestconfig file on RHEL 9 Linux servers: [2024-05-15 15:52:30.135] [PID 1117] [TID 1629] [Pull Client] [INFO] Successfully…

Microsoft Sentinel
asked 2024-05-15T14:42:38.4966667+00:00
Christophe Rosenkranz 0 Reputation points
edited the question 2024-05-16T19:09:30.2466667+00:00
Christophe Rosenkranz 0 Reputation points