Content Hub is missing Solutions
Hello, In the content hub I am only seeing 34 solutions. 24 hours ago I was able to see over 200 solutions. I have Azure Activity data connector installed and configured but in the content hub it says I have 0 installed. When I try to search for a…
ADX cost estimation
I want to prepare an estimate for ADX with 2TB monthly data. I checked this link "https://dataexplorer.azure.com/AzureDataExplorerCostEstimator.html". What should I put in for the field "Estimated Data Compression (x times)" …
Bulk delete Sentinel Threat Intelligence
I used Workspace Purge REST API to bulk delete Sentinel threat intelligence. I used the API to remove intelligence from 'ThreatIntelligenceIndicator' table on Sentinel but this did not end up deleting them from Sentinel threat intelligence (under Threat…
Microsoft sentinel - Data connector shows disconnected after installing
We recently activated Sentinel to give it a trial run. I set up a separate workspace for Sentinel and installed some data connectors. However, the WAF is still showing as disconnected even after installing and configuring it. We've only got WAF, not…
Microsoft Sentinel Threat Indicators API - nextLink returns same page
Hello, I have an issue where the nextLink is always returning the first page of the Threat Indicators in Sentinel. I'm using the following API-Uri to retrieve all Threat Indicators in a Sentinel Workspace…
Query set to run in my Logic App is timing out and failing
Hello everyone. I am troubleshooting an issue with my Logic App in which after an incident triggers, the next step is to run the query and list the results, but this part of the Logic App is what is timing out and failing. When reading the timeout…
Fortinet Playbook Deployment
Hello, Has anyone managed to create the three playbooks that are part of the solution for Fortinet without issues? I am having several issues with all of…
Adding tenable.io connector to Microsoft Sentinel
I am trying to connect tenable io connector to my Sentinel instance. I have followed the steps and provided the access key and other information requested. I can see in my resource group that everything was successfully deployed with app insight and…
Can't get my app to show up on Sentinel Content Hub
Hello, I am new to the partner portal. We've submitted our app to the partner portal and it's been fully published. However, when I search for it in the Content Hub under Sentinel, I cannot find it. How do I get it so that my app shows up? We've…
When an alert is generated in XDR and then synced to Sentinel
When an alert is generated in XDR and then synced to Sentinel, is it possible to measure the time it takes for the alert to be synced? Is there a query that can be used to measure this time in minutes?
Sentinel Services on Azure Portal Showing Non-Sentinel Enabled Workspaces as Well
I have two Log analytics Workspaces, only one with Sentinel enabled, but both the workspaces are shown on Sentinel page on Azure portal, which makes it confusing. Is this default behaviour or can be switched off?
Data ingestion for Specific data/ specific time period data in table.
In Azure Sentinel I can calculate data ingestion for whole table but is there any way through which I can calculate specific size of data. Ex: In Azure table how much data ingested in last 1 hour. Something like Search criteria & then…
Customer is migrating Azure from CSP to MCA and they wanted to understand what configurations need to do to the subscription to ensure smooth transition
Customer is migrating Azure from CSP to MCA and they wanted to understand what configurations need to do to the subscription to ensure smooth transition. Also, want to check if there is any impact on tenant, subscription and Log analytical workspace…
Fortinet Connector or CEF AMA Connector? - Sentinel
Hello, Client has Fortinet connector but is having to filter logging so that the log ingestion is not massively costly. I'm sure we could achieve better results using the CEF AMA connector to filter out the security logs from syslog but not sure what to…
Retention log
Hi all, I would like to know some information about the Sentinel log ingestion pricing. My goal is to increase this period to 1 year. What I read is the possibility not to ingest that log (saving money) but to use the archived period to store these…
Syslog via Legacy Agent Microsoft Sentinel
We have an Ubuntu Azure VM for our log collector for Sentinel. We have had some issues with the syslog via legacy agent as of late, but those have been resolved. (Yes I know this connector is going away, but for now I want it working). We send logs…
Syslog via Legacy Agent Microsoft Sentinel
I have an Ubuntu Azure VM for our syslog connector that has the Syslog via Legacy Agent connected to it. Many of our resources we have use the syslog connector for sending logs to Sentinel. I had some issues with the connector, but finally resolved…
How to install Sentinel Solutions specifically Playbooks and Connectors in Azure Gov
Hello Guys, I am trying to install Azure Firewall Solution (Playbooks and custom connectors) in Azure Gov Cloud. I have installed the Azure Firewall Solution from Content Hub. The details show that this solution has Custom Azure Logic Apps…
Send Defender alerts to an MSSP
Hey, as an MSSP how do I pull Defender for XDR alerts only from a customer tenant so it goes into the MSSP workspace and not the customer's?