996 questions with Microsoft Sentinel tags

1 answer (accepted by the question author)

Testing Microsoft Defender XDR with Azure Sentinel in a CDX-like Environment

I'm looking to try out Microsoft Defender XDR with Azure Sentinel, but my current setup—a CDX tenant under an E5 subscription—doesn't have an active Azure subscription. Any suggestions for workarounds or similar environments where I can test Microsoft…

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
996 questions
asked 2024-05-14T06:07:28.7433333+00:00
Avishka Bandarathilaka 20 Reputation points
commented 2024-05-17T10:03:46.94+00:00
Avishka Bandarathilaka 20 Reputation points
1 answer

How to get additional details about MITRE attacks, like mitre_tactic_id, mitre_technique_id, mitre_tactic, mitre_technique, mitre_subTechnique?

Hello, greetings of the day. We are using the below endpoint to collect the alerts. These alerts consist of a wide range of data, including mitreTechniques. Further, I would like to know if it is possible to extract more information about MITRE attacks…

Microsoft Sentinel
asked 2024-05-16T06:05:28.6033333+00:00
Vimalkumar Nayak 0 Reputation points
edited an answer 2024-05-17T06:27:44.7533333+00:00
Clive Watson 5,721 Reputation points MVP
4 answers

Caller is missing required playbook triggering permissions on playbook resource

I have created a custom playbook but I get the error: Failed to trigger playbook Caller is missing required playbook triggering permissions on playbook resource…

Microsoft Sentinel
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,772 questions
asked 2023-02-07T06:01:54.6333333+00:00
Robert D. Crane 46 Reputation points MVP
commented 2024-05-16T21:03:26.83+00:00
Anderson Lacruz 0 Reputation points
2 answers

Sentinel not allowing me to connect the data connector with Defender XDR

Hello, I was trying to connect the "Microsoft Defender XDR" connector with "Microsoft Sentinel", but I am facing the below error. I am not sure why Sentinel is not allowing me to establish the XDR connector. As I am the Owner of the…

Microsoft Sentinel
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
159 questions
asked 2024-05-08T12:07:43.2433333+00:00
Karan Bhatt 27 Reputation points
edited an answer 2024-05-16T19:38:43.51+00:00
James Hamil 22,186 Reputation points Microsoft Employee
0 answers

AMA extension: impossible to install agent

Hello, I'm trying to deploy an AMA extension but I'm stuck in "creating" with the following error messages from the Guestconfig file on RHEL 9 Linux servers: [2024-05-15 15:52:30.135] [PID 1117] [TID 1629] [Pull Client] [INFO] Successfully…

Microsoft Sentinel
asked 2024-05-15T14:42:38.4966667+00:00
Christophe Rosenkranz 0 Reputation points
edited the question 2024-05-16T19:09:30.2466667+00:00
Christophe Rosenkranz 0 Reputation points
1 answer

Problems with data collectors and syslog

So, I have a task to integrate security logs that are being sent via the syslog protocol, formatted as CEF (https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-syslog-ama?tabs=syslog%2Cportal). I do have a Linux VM. It does have the Python…

Microsoft Sentinel
asked 2024-05-13T13:22:19.72+00:00
Mock - 0 Reputation points
answered 2024-05-16T11:21:08.9366667+00:00
Shweta Mathur 28,021 Reputation points Microsoft Employee
1 answer

Cisco FTD data connector

Hello, I have a customer that is configuring the Cisco FTD data connector, but they say the Cisco FTD documentation shows it supports only syslog format. They would like some clarification on the following questions: I. Clarify whether Cisco FTD supports…

Microsoft Sentinel
asked 2024-03-27T22:50:54.9933333+00:00
DG001 346 Reputation points Microsoft Employee
commented 2024-05-16T02:32:11.3433333+00:00
DG001 346 Reputation points Microsoft Employee
0 answers

Finding classic automation in Sentinel analytics

I have the ability to search through ARM templates for the Sentinel analytics and I'm hoping to find a way to detect the use of classic alert automation. Does anyone know what I should be searching for in the ARM template? We have not used this method,…

Microsoft Sentinel
asked 2024-05-15T18:59:30.75+00:00
George Zerphey 131 Reputation points
commented 2024-05-15T19:55:01.7333333+00:00
James Hamil 22,186 Reputation points Microsoft Employee
1 answer

How to generate data in Alert, AlertHistory, AlertEvidence and AlertInfo tables in Log Analytics workspace?

We would like to generate data in the following tables in the Azure Monitor and Security categories described in the docs: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/alert …

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,852 questions
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
978 questions
Microsoft Sentinel
asked 2024-05-14T17:18:18.1266667+00:00
Virpara, Rahul (Contractor) 0 Reputation points
commented 2024-05-15T18:34:52.06+00:00
Virpara, Rahul (Contractor) 0 Reputation points
2 answers

Issue with Microsoft Sentinel Connectors

Hello! Prior to May 7th 2024, there were roughly 20 connectors that were connected and working as expected with Microsoft Sentinel and the Log Analytics workspace. On the mentioned date we noticed this anomaly where, out of the 20 odd…

Microsoft Sentinel
asked 2024-05-10T20:00:28.38+00:00
Vignesh Sundar 0 Reputation points
answered 2024-05-15T16:53:59.9733333+00:00
Vignesh Sundar 0 Reputation points
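An added example, not part of the question above or of any answer to it: when a batch of connectors stops delivering on one day, the first check is which tables still receive data and which have gone quiet. The query below lists every data type that ingested during a baseline window but has had nothing in the most recent silence window. It runs against a constructed datatable shaped like the Usage table (Quantity is MB per DataType, values invented); for a live workspace, replace SampleUsage with Usage and the pinned asOf with now().

```kql
// Constructed sample shaped like the Usage table (invented values, MB per daily slice).
let SampleUsage = datatable(TimeGenerated:datetime, DataType:string, Quantity:real) [
    datetime(2024-05-05 00:00), "CommonSecurityLog", 812.4,
    datetime(2024-05-06 00:00), "CommonSecurityLog", 790.1,
    datetime(2024-05-07 00:00), "CommonSecurityLog", 95.3,     // tails off on the 7th, then nothing
    datetime(2024-05-05 00:00), "SecurityEvent",     2210.0,
    datetime(2024-05-06 00:00), "SecurityEvent",     2188.7,
    datetime(2024-05-07 00:00), "SecurityEvent",     2301.2,
    datetime(2024-05-08 00:00), "SecurityEvent",     2250.9,   // still flowing
    datetime(2024-05-05 00:00), "OfficeActivity",    41.0,
    datetime(2024-05-06 00:00), "OfficeActivity",    39.5      // silent since the 6th
];
let asOf     = datetime(2024-05-08 12:00);   // pinned so the sample is deterministic; use now() live
let silent   = 1d;                           // how long without data counts as "stopped"
let baseline = 7d;                           // window in which the table must have had data before
SampleUsage                                  // replace with: Usage
| where TimeGenerated between ((asOf - baseline) .. asOf)
| summarize LastSeen   = max(TimeGenerated),
            BaselineMB = sumif(Quantity, TimeGenerated <  asOf - silent),
            RecentMB   = sumif(Quantity, TimeGenerated >= asOf - silent)
    by DataType
// used to ingest, but nothing at all inside the silence window
| where BaselineMB > 0 and RecentMB == 0
| extend SilentFor = asOf - LastSeen
| project DataType, LastSeen, SilentFor, BaselineMB
| order by BaselineMB desc
```

On the sample this returns CommonSecurityLog and OfficeActivity and leaves SecurityEvent out, because SecurityEvent still has a row inside the last day. Run it daily with a short silence window and the list is the set of connectors to investigate on the day they stop.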
1 answer

Remote Desktop Connection error- Windows 11

A newbie here trying to set up Azure Sentinel (SIEM) and connect it to a live virtual machine that will act as a honeypot, but facing an error with RDP: Windows 11 Home edition doesn't support Remote Desktop.…

Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,283 questions
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,369 questions
Microsoft Sentinel
asked 2024-05-08T06:48:15.5266667+00:00
sam_2k4 0 Reputation points
commented 2024-05-15T07:44:01.6766667+00:00
Karlie Weng 14,801 Reputation points Microsoft Vendor
1 answer (accepted by the question author)

Sentinel Kusto query: todatetime function does not work with dynamic values.

I have a Kusto query to calculate MTTR by client. When an incident is resolved, an analyst comments the resolution time in the format "R: time", where time is when the incident was resolved and R is there to make the comment unique. Example: R: Friday, May 10,…

Microsoft Sentinel
asked 2024-05-10T11:24:54.8433333+00:00
Julius Ekane 20 Reputation points
accepted 2024-05-14T12:38:04.1866667+00:00
Julius Ekane 20 Reputation points
1 answer (accepted by the question author)

Sentinel bicep deployment : InvalidParameter - Solution product cannot start with 'OMSGallery/' as it is reserved for Microsoft first party solutions.

Hello, I am learning how to script and I wish to deploy Sentinel with Bicep. I have created a script from Microsoft templates and have added variables as well as a JSONC parameters file. I use VS Code with the Bicep extension in order to "easily"…

Azure Monitor
Microsoft Sentinel
asked 2023-01-17T16:00:00.0266667+00:00
Dunvael LE ROUX 40 Reputation points
commented 2024-05-14T05:58:23.0133333+00:00
Stanislav Zhelyazkov 21,506 Reputation points MVP
0 answers

Tenable.io Sentinel solution cannot identify Log Analytics workspace?

Tenable.io Sentinel solution cannot identify Log Analytics workspace?

Microsoft Sentinel
asked 2022-07-31T07:15:47.387+00:00
Sherif Israil Saad 1 Reputation point
commented 2024-05-11T03:06:52.74+00:00
Sherif Israil Saad 1 Reputation point
2 answers

How to separate logs received on syslog port 514 into separate tables during ingestion and avoid duplication?

Hi Team, I have a centralized log forwarder setup which collects logs on port 514 from different applications. I want to send those logs to separate tables by filtering them at ingestion time. Currently all logs are going to Syslog using the default DCR rule,…

Microsoft Sentinel
asked 2024-05-03T13:16:08.3933333+00:00
Disha Bodade 65 Reputation points
commented 2024-05-09T16:45:42.0833333+00:00
Givary-MSFT 28,571 Reputation points Microsoft Employee
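An added example, not part of the question or its answers: the two transformKql expressions for a single DCR that carries two dataFlows from the same Microsoft-Syslog stream, one to a custom table and one to the standard Syslog table. The routing happens in the DCR before anything is written, so a message matched by the first filter is kept out of Syslog by the complementary second filter and is stored exactly once. Attaching a second DCR to the same forwarder for the same facilities does the opposite: the agent collects the facility once per DCR and the rows appear twice. The facility (local1), process name (fwlogd) and custom table (AppFirewall_CL, assumed to already exist with the columns the first transform projects, and to be the dataFlow's outputStream Custom-AppFirewall_CL) are invented for this example.

```kql
// dataFlow 1 -- streams: ["Microsoft-Syslog"], outputStream: "Custom-AppFirewall_CL"
// transformKql: route one application's messages, picked by facility and process name,
// into a custom table whose columns match this projection (TimeGenerated is mandatory).
source
| where Facility == "local1" and ProcessName == "fwlogd"
| project TimeGenerated,
          Computer,
          HostIP,
          Severity = SeverityLevel,
          Message  = SyslogMessage,
          // pull a couple of key=value fields out of the raw line at ingestion time
          Action   = extract(@"action=(\w+)", 1, SyslogMessage),
          SrcIp    = extract(@"src=(\d{1,3}(?:\.\d{1,3}){3})", 1, SyslogMessage)

// dataFlow 2 -- streams: ["Microsoft-Syslog"], outputStream: "Microsoft-Syslog"
// transformKql: everything that dataFlow 1 did not take, so no message lands in both tables.
source
| where Facility != "local1" or ProcessName != "fwlogd"
```

Both expressions sit in the same DCR's dataFlows array, each paired with its own outputStream; the second filter is the exact negation of the first, which is what prevents duplication. Note that transformations only see the Microsoft-Syslog columns (Facility, SeverityLevel, ProcessName, SyslogMessage, HostIP and so on), so the split has to be expressible on those fields.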
1 answer (accepted by the question author)

How are GitHub links created/referenced in a function app?

I am finding it difficult to understand how these links are generated: https://aka.ms/sentinel-ApigeeXDataConnector-azuredeploy https://aka.ms/sentinel-ApigeeXDataConnector-functionapp I am building a similar function app JSON for my solution, and I…

Microsoft Sentinel
asked 2024-04-27T00:50:47.2866667+00:00
Ashwin Venkatesha 165 Reputation points
accepted 2024-05-09T04:49:56.79+00:00
Ashwin Venkatesha 165 Reputation points
1 answer

This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix.

Applied skills Name: Deploy containers by using Azure Kubernetes Service Issue: This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix.

Microsoft Sentinel
asked 2024-03-24T11:56:12.4166667+00:00
pritam bhor 25 Reputation points
commented 2024-05-09T04:18:52.16+00:00
Philipp Moser 5 Reputation points
1 answer (accepted by the question author)

Inquiry Regarding Multiple 4624 Event ID Logs for Single User Login

Hello Team, I am reaching out to inquire about a matter related to our Windows Security logs. Specifically, we have observed multiple instances of Event ID 4624 being logged for a single user login event in the Security Events table. As part of our…

Active Directory
A set of directory-based technologies included in Windows Server.
5,962 questions
Microsoft Sentinel
asked 2024-05-01T18:05:09.7033333+00:00
Srisaiteja Palle 20 Reputation points
accepted 2024-05-08T16:56:42.5566667+00:00
Srisaiteja Palle 20 Reputation points
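An added example, not part of the question or its accepted answer: a query over a constructed datatable shaped like SecurityEvent that shows where the extra 4624 rows come from and collapses them to one row per person, host and minute. A UAC-enabled interactive sign-in writes two 4624 events (one for the filtered token and one for the elevated token, each with its own Logon ID), and the same user's follow-on network logons and the machine account's service logons add more rows in the same seconds. The hosts, users, Logon IDs and addresses in the sample are invented; against a live workspace, replace SampleEvents with SecurityEvent and adjust the one-minute bin to your tolerance.

```kql
// Constructed sample shaped like SecurityEvent (invented hosts, users, Logon IDs, addresses).
let SampleEvents = datatable(
    TimeGenerated:datetime, Computer:string, EventID:int, TargetUserName:string,
    LogonType:int, TargetLogonId:string, IpAddress:string)
[
    // one UAC-enabled interactive logon: filtered token + elevated token = two 4624 rows
    datetime(2024-05-01 08:00:01), "WKS01.contoso.local", 4624, "jdoe",   2,  "0x3e7a1", "127.0.0.1",
    datetime(2024-05-01 08:00:01), "WKS01.contoso.local", 4624, "jdoe",   2,  "0x3e7a2", "127.0.0.1",
    // the same user touching a share seconds later (network logon)
    datetime(2024-05-01 08:00:03), "WKS01.contoso.local", 4624, "jdoe",   3,  "0x3e7b0", "10.0.0.15",
    // machine-account service logon noise on the same host
    datetime(2024-05-01 08:00:05), "WKS01.contoso.local", 4624, "WKS01$", 5,  "0x3e7",   "-",
    // a different person over RDP
    datetime(2024-05-01 08:07:40), "SRV02.contoso.local", 4624, "asmith", 10, "0x4f001", "10.0.0.44"
];
SampleEvents                                        // replace with: SecurityEvent
| where EventID == 4624
| where TargetUserName !endswith "$"               // drop computer accounts
| summarize FirstSeen  = min(TimeGenerated),
            RawEvents  = count(),                   // how many 4624 rows the session produced
            LogonIds   = make_set(TargetLogonId),   // one per token / session
            LogonTypes = make_set(LogonType),
            SourceIps  = make_set(IpAddress)
    by Computer, TargetUserName, LogonMinute = bin(TimeGenerated, 1m)
// keep only groups that contain a human-style logon: 2 = interactive, 10 = RDP, 11 = cached interactive
| where array_length(set_intersect(LogonTypes, dynamic([2, 10, 11]))) > 0
| project FirstSeen, Computer, TargetUserName, RawEvents, LogonTypes, LogonIds, SourceIps
| order by FirstSeen asc
```

On the sample this yields two rows, jdoe on WKS01 (three raw events, Logon types 2 and 3, two distinct token Logon IDs) and asmith on SRV02, which is the "one login, one row" view the question is after, while RawEvents and LogonIds keep the evidence of why the raw count was higher. For detection logic that needs the token distinction, keep TargetLogonId in the key instead of collapsing it.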
1 answer (accepted by the question author)

Respond to incidents across multiple tenants deploying Defender XDR from One Centralized Ms Sentinel

Hello, I have a customer with 3 tenants: A, B and C. Tenants A and C are each using Microsoft Defender XDR. Microsoft Sentinel is configured on tenant B. He wants to centralize all events and logs in Sentinel and wants to configure responses if any incident is…

Microsoft Sentinel
asked 2024-05-02T13:05:38.2+00:00
Farah MHAMDI 20 Reputation points
commented 2024-05-08T14:54:53.59+00:00
Farah MHAMDI 20 Reputation points
1 answer

Watchlist Azure Sentinel Update

Is there anyone who has, or knows of, a source of information that can provide a more comprehensive or extensive list of SocRA than what is available at this link: https://github.com/Azure/Azure-Sentinel/blob/master/docs/SOCAnalystActionsByAlert.csv? I…

Microsoft Sentinel
asked 2024-05-02T07:02:53.7066667+00:00
M Nurohmat 100 Reputation points
commented 2024-05-08T08:49:26.61+00:00
Givary-MSFT 28,571 Reputation points Microsoft Employee