1,005 questions with Microsoft Sentinel tags

1 answer

Powershell Script to add connectors to Azure Sentinel

Hi Team, Is there any way to automate the process (PowerShell or JSON scripts/code) to add the following data connectors to Sentinel: Azure Active Directory, Azure Activity, Azure Security Centre, Security Events. I did not get any commands/code…

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,005 questions
asked 2020-09-14T11:29:43.873+00:00
Ankush Chauhan 1 Reputation point
commented 2020-09-25T23:42:30.85+00:00
JamesTran-MSFT 36,486 Reputation points Microsoft Employee
1 answer

Sentinel 'Events and alerts over time' graph

Hi all, Let me start by thanking you in advance and being honest that I am very new to Sentinel. I've deployed a few Windows Firewall Data Connectors over the past few hours. However, the graph under the 'Workspace' for these machines looks odd.…

Microsoft Sentinel
asked 2020-09-22T15:00:06.283+00:00
Niall Quinn 1 Reputation point
commented 2020-09-25T23:41:43.053+00:00
JamesTran-MSFT 36,486 Reputation points Microsoft Employee
0 answers

Azure Sentinel - Active Directory Connector show different info about log-ins than Azure Active Directory logs in

Yesterday I chatted with Microsoft's support engineer from the "new support request" in our Log Analytics workspace. The engineer suggested that I write a question here. My issue is: when I go to my Azure Active Directory >…

Microsoft Sentinel
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,951 questions
asked 2020-08-27T09:48:08.057+00:00
Davide-IT 1 Reputation point
commented 2020-09-02T10:26:37.887+00:00
Davide-IT 1 Reputation point
1 answer

Email/Phone Indicators in Account Entity Types

Hi There, As Sentinel supports only four entity types (1. Account, 2. IP, 3. Host, 4. URL), can we use Email or Phone Number in the logs and map it to the Account Entity Type?

Microsoft Sentinel
asked 2020-08-18T13:23:07.837+00:00
Venkat Rambatla 1 Reputation point
commented 2020-08-25T22:56:16.797+00:00
JamesTran-MSFT 36,486 Reputation points Microsoft Employee
2 answers

Behavior Analytics

Hello All, Kindly can anyone give me some details about behavior analytics? If I enable it, then what is the benefit of this service? Is this chargeable?

Microsoft Sentinel
asked 2020-08-23T05:54:32.34+00:00
Rohit 1 Reputation point
answered 2020-08-25T22:08:01.323+00:00
Saurabh Sharma 23,766 Reputation points Microsoft Employee
0 answers

Possible query to filter data from PCAP in Sentinel

What would be a possible query to capture the PCAP data in Sentinel?

Microsoft Sentinel
asked 2020-08-19T13:58:16.333+00:00
Uma 1 Reputation point
commented 2020-08-21T17:08:38.607+00:00
Saurabh Sharma 23,766 Reputation points Microsoft Employee
1 answer. One of the answers was accepted by the question author.

Can Azure Sentinel be used for any scenario when we migrate data from ADLS Gen1 to Gen2

We are using Data Factory to migrate data (mostly files in the form of Parquet) from ADLS Gen1 to ADLS Gen2. I am aware that Azure Sentinel can be used for threat detection, protection etc. using the Incidents raised. But can this be used only for this data…

Microsoft Sentinel
asked 2020-08-07T12:40:16.34+00:00
Vaibhav Chaudhari 38,661 Reputation points
accepted 2020-08-19T14:45:28.08+00:00
Vaibhav Chaudhari 38,661 Reputation points
0 answers

creating additional/custom fields in "CommonSecurityLog" currently stored as e.g. "DeviceCustomString1"

Hi, how can we achieve creating additional fields for logs being processed in "CommonSecurityLog" (https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/commonsecuritylog)? At the moment incoming data gets mapped to fields…

Microsoft Sentinel
asked 2020-08-10T11:38:08.54+00:00
Peter Schönegger 21 Reputation points
commented 2020-08-12T18:17:36.343+00:00
Marilee Turscak-MSFT 35,116 Reputation points Microsoft Employee
2 answers

Turning off Azure Security Centre to cut monthly operations cost

How much does it cost for the Azure Security Centre access per month? My security team has already deployed IBM Q-Radar SIEM and wanted to cut the cost of operating Azure cloud, hence I wonder: How much does it cost monthly to run Azure Security…

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,228 questions
Microsoft Sentinel
Microsoft Entra ID
asked 2020-07-22T07:41:07.79+00:00
EnterpriseArchitect 4,896 Reputation points
commented 2020-08-01T10:27:48.307+00:00
Ken Golitin 21 Reputation points
1 answer

How to take the Network Security Group(NSG) logs to Azure Sentinel

Hello, I have Azure Sentinel. Kindly suggest the steps to forward the NSG (Azure Firewall) logs to Sentinel. Regards, Chandan Prajapati

Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
582 questions
Microsoft Sentinel
asked 2020-07-18T19:15:54.85+00:00
Anonymous
commented 2020-07-30T23:00:48.757+00:00
Marilee Turscak-MSFT 35,116 Reputation points Microsoft Employee
2 answers

Windows Firewall

Hello All, Kindly suggest how to take the Windows Firewall logs to Sentinel. Thank You

Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets. Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,786 questions
Microsoft Sentinel
asked 2020-07-23T06:19:36.093+00:00
Rohit 1 Reputation point
commented 2020-07-29T07:41:36.12+00:00
Cherry Zhang (Shanghai Wicresoft) 11 Reputation points
1 answer

Is it possible to display Sentinel Incidents and Alerts within Azure Dashboards

Hi, I am wondering if I can query the SecurityAlert logs within a Dashboard query? I find the workbooks and the Sentinel Overview screen not ideal as a dashboard screen and want to have it all in dashboards.

Microsoft Sentinel
asked 2020-07-22T01:13:08.123+00:00
Cal 1 Reputation point
commented 2020-07-27T21:01:10.917+00:00
JamesTran-MSFT 36,486 Reputation points Microsoft Employee
1 answer. One of the answers was accepted by the question author.

What's the best way to get on-premise Domain Controller Logs into Sentinel?

I'm working to get logs from an on-prem server into Sentinel. Really all I need is visibility into what's going on, and some route to respond to threats so it doesn't necessarily have to be Sentinel but that's what I've been using so far to monitor Azure…

Microsoft Sentinel
asked 2020-07-23T15:17:53.777+00:00
Sam C 46 Reputation points
commented 2020-07-23T19:24:37.28+00:00
Sam C 46 Reputation points
2 answers

NSG Log to Sentinel

Hello, Can anyone provide me the exact process/docs/link for how to enable Azure Firewall (NSG) to Sentinel? Or how to see the (Azure Firewall) NSG logs in Sentinel. Thanks, Rohit

Azure Firewall
Microsoft Sentinel
asked 2020-07-20T07:14:04.533+00:00
Rohit 1 Reputation point
commented 2020-07-21T16:21:55.867+00:00
Rohit 1 Reputation point
2 answers

Where is the appliance name/ip when sending Fortigate (CEF) logs to Sentinel?

I have two different FortiGates that stream logs to a CEF collector (Linux OMS agent). The agent relays the info to a Log Analytics workspace that has Azure Sentinel, and it does process them. When querying the logs I do not have a way to know from which…

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,885 questions
Microsoft Sentinel
asked 2020-06-11T04:27:53.417+00:00
Juan Orjuela 1 Reputation point
commented 2020-07-20T15:30:50.527+00:00
Saurabh Sharma 23,766 Reputation points Microsoft Employee
0 answers

Getting a 500 error when creating an Office 365 data connector by using the Azure API.

Hello, I'm trying to replicate this example and I'm getting a 500 error. Has anybody faced this same issue before? …

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,826 questions
Microsoft Sentinel
asked 2020-07-17T04:57:31.91+00:00
Camilo 1 Reputation point
commented 2020-07-18T00:16:47.253+00:00
Saurabh Sharma 23,766 Reputation points Microsoft Employee
1 answer. One of the answers was accepted by the question author.

Is it possible to create an alert in Azure Sentinel for when a data source stops feeding logs?

I am trying to create an alert query that will let me know if a specific source has not provided logs within 7 days, but I am not sure what syntax would allow for this. It is simple to find entries older than 7 days, but is it possible to alert if…

Azure Monitor
Microsoft Sentinel
asked 2020-06-18T16:10:30.507+00:00
Corey 21 Reputation points
commented 2020-06-18T16:36:57.77+00:00
Corey 21 Reputation points
2 answers

AI for Covid19

In today's crisis of Covid19, AI will definitely be a key element used to further enhance humanity and the health of the world. What would be the best technology to use?

Azure AI Speech
An Azure service that integrates speech processing into apps and services.
1,456 questions
Azure AI Personalizer
An Azure artificial intelligence service that enables applications to personalize user experiences by learning from collective real-time user behavior.
32 questions
Microsoft Sentinel
asked 2020-06-13T16:23:12.55+00:00
Mulia Dewi Karnadi 1 Reputation point
answered 2020-06-15T12:00:02.453+00:00
romungi-MSFT 42,986 Reputation points Microsoft Employee
1 answer. One of the answers was accepted by the question author.

Looking for a sample event that triggers when one of the existing users has been assigned with "global admin privilege" in office 365

On the SIEM solution (e.g. Azure Sentinel), I am looking to create a correlation rule that will use the event that gets generated when one of the existing users has been assigned the 'global admin' privileges. As I do not have any such instances from…

Microsoft Sentinel
asked 2020-06-11T11:03:17.133+00:00
Venkatesh 36 Reputation points
accepted 2020-06-14T21:29:04.38+00:00
Venkatesh 36 Reputation points
2 answers. One of the answers was accepted by the question author.

What happens after free trial for Azure Sentinel expires and what are the trial limits?

Our client wants to try the trial version of Azure Sentinel and is curious what happens after the free trial expires: for example, will he lose access to all features, will he have access to partial free features, or will he have access but pay per usage? …

Microsoft Sentinel
asked 2020-06-01T13:31:22.81+00:00
groupireum 21 Reputation points
commented 2020-06-02T22:48:51+00:00
Saurabh Sharma 23,766 Reputation points Microsoft Employee