1,210 questions with Microsoft Sentinel tags

1 answer

How to find out which of several authenticators was used in a sign-in?

We are using MFA with Microsoft Authenticator for user sign-ins to our tenant. Many of our users have registered more than one Microsoft Authenticator instance. Sometimes this is deliberate, in order to have a backup in case the primary smartphone is…

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,210 questions
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,104 questions
asked 2025-01-13T13:20:23.8366667+00:00
Tilman Schmidt 50 Reputation points
commented 2025-02-04T23:36:25.2333333+00:00
James Hamil 26,976 Reputation points Microsoft Employee
1 answer

Microsoft Sentinel for SAP - API based collector agent - SAP in AWS

I have deployed Sentinel for SAP, but the API-based collector agent is showing an incomplete installation. I have followed all the instructions and logs are flowing into SAP. Is the API-based collector agent needed for AWS installations?

Microsoft Sentinel
asked 2025-01-29T21:49:48.6733333+00:00
DougE 0 Reputation points
commented 2025-02-04T21:23:37.2366667+00:00
Akhilesh Vallamkonda 11,440 Reputation points Microsoft Vendor
1 answer

Issues trying to connect to MITRE ATT&CK STIX 2.1 Feed from Sentinel Threat Intelligence

Hi, I am having issues while trying to connect to the MITRE ATT&CK STIX 2.1 Feed from within Sentinel's Threat Intelligence module. I have the 'Threat Intelligence - TAXII' data connector enabled (with another TAXII server…

Microsoft Sentinel
asked 2025-02-03T04:58:21.01+00:00
WillAngus-6254 0 Reputation points
answered 2025-02-04T15:05:02.58+00:00
Andrew Blumhardt 9,871 Reputation points Microsoft Employee
1 answer

What is the size limit of rawContent of watchlist when bundled in solution package?

We are using watchlists to upload data via CSV files and using it in a workbook. As per the document, there is a size limit of 3.8MB when creating a watchlist using local CSV files. So, we have created CSV files of size 2.5MB, using which we are able to…

Microsoft Sentinel
asked 2025-01-31T06:30:59.1833333+00:00
Nirali Shah 146 Reputation points
commented 2025-02-04T06:37:42.0333333+00:00
Givary-MSFT 35,216 Reputation points Microsoft Employee
2 answers

Problem with Microsoft Sentinel Connector

Hello, for testing I have deployed Sentinel 2 or 3 times and after that deleted the workspace. Now I have recreated a new workspace, and when I try to connect the connector I receive the following error: I have just tried to find out if there are other diagnostic settings but…

Microsoft Sentinel
asked 2025-02-01T09:06:59.5833333+00:00
Guido Imperatore 20 Reputation points MVP
commented 2025-02-03T07:26:13.1233333+00:00
Guido Imperatore 20 Reputation points MVP
0 answers

Microsoft Sentinel: System Assigned Managed Identity can't find location

I'm trying to connect Azure Activity to Microsoft Sentinel. It requires creating a Managed Identity. When creating a System Assigned Managed Identity, a location is required, but there are no location options to select. Any idea what could be causing this?…

Microsoft Sentinel
asked 2025-01-10T15:58:49.0066667+00:00
alfalfa 15 Reputation points
commented 2025-01-30T15:07:47.2766667+00:00
Justin Hertwig 10 Reputation points
1 answer

How to send Windows logs from an on-premises Windows machine to Microsoft Sentinel?

Hi, I'm trying to set up Microsoft Sentinel, and I need to forward Windows logs from all of our machines. I'm experimenting with the configuration on a machine running Windows 11 Pro, then plan to copy the configuration across the rest of our machines.…

Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,764 questions
Microsoft Sentinel
asked 2025-01-21T21:40:59.6366667+00:00
Colin R 0 Reputation points
commented 2025-01-29T18:48:35.72+00:00
Akhilesh Vallamkonda 11,440 Reputation points Microsoft Vendor
1 answer

How do you stop duplicate CEF and Syslog entries with the new Azure Monitor Agent?

Hi there, I have the new Azure Monitor Agent for Linux installed and have created and run the new Data Collection Rule set without issue. I now have CEF and Syslog coming through but want to filter out CEF from Syslog. In /etc/rsyslog.d I created a new…

Microsoft Sentinel
asked 2023-09-14T14:29:40.56+00:00
Lloyd Carnie 5 Reputation points
edited a comment 2025-01-29T02:50:02.72+00:00
Roger Spraggon 0 Reputation points
1 answer

Has anyone tried correlating Prisma threat logs with Microsoft Events before?

We are trying to correlate our threat logs with any Microsoft events that could be related to it. It would help us enrich the alerts. Has anyone done it before? Does Microsoft have templates on it? Our current setup is, we have custom threat logs from…

Microsoft Sentinel
asked 2025-01-16T04:16:31.1666667+00:00
Vince Ian Cruz 0 Reputation points
edited a comment 2025-01-28T01:37:07.7966667+00:00
Vince Ian Cruz 0 Reputation points
1 answer

Tasks: details of the tasks missing in SecurityIncident table

The Tasks added to an Incident don't have the Details (text added to the Task except the Title) in the SecurityIncident table or any other Table. Where can we find these details?

Microsoft Sentinel
asked 2024-12-28T21:12:16.1766667+00:00
Grace A 1 Reputation point
commented 2025-01-23T08:38:19.7633333+00:00
Pauline Mbabu 595 Reputation points Microsoft Employee
2 answers

Summary rules - Limit on total aggregated size

Folks, I'm trying to use summary rules to aggregate firewall logs. There's a hard size limit from MS per result of 100 MB which I think is not up to the mark for firewall logs. While summarizing I'm creating two sets and grouping by 7 other fields (I…

Microsoft Sentinel
asked 2024-12-19T14:16:00.4066667+00:00
Khanna, Keshav 20 Reputation points
answered 2025-01-21T09:16:17.3133333+00:00
Prathista Ilango 170 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

AWS GuardDuty integration Issue with Sentinel

Hi Support Team, I wanted to integrate GuardDuty with Sentinel, so I followed the instructions in this link. My connector is connected successfully, but I am still not receiving any logs in the AWSGuardduty table in Sentinel. Would someone please tell…

Microsoft Sentinel
asked 2025-01-15T12:56:11.94+00:00
Ali Salem Panah 40 Reputation points
commented 2025-01-21T09:02:45.42+00:00
Givary-MSFT 35,216 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Unable to leverage Auxiliary log table with Text or JSON ingestion

Hi, I have followed all the steps from this article https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-log-text?tabs=portal and am able to ingest data into 'Basic' logs. However, if I try to use an 'Auxiliary' log table as…

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,444 questions
Microsoft Sentinel
asked 2024-11-22T17:24:34+00:00
Mehboob Ahmad 25 Reputation points
edited a comment 2025-01-20T04:41:31.54+00:00
Manisha 0 Reputation points
1 answer One of the answers was accepted by the question author.

How to connect Azure Activity data connector in Sentinel

Hello, I am having trouble connecting the Data Connectors in Sentinel. The instructions in Microsoft Learn differ from what I observe in Sentinel, but here is what I have done thus far: I have installed the Azure Activity Data Connector from the Content…

Microsoft Sentinel
asked 2025-01-10T20:39:41.94+00:00
Ty 20 Reputation points
commented 2025-01-20T02:48:02.29+00:00
Ty 20 Reputation points
1 answer

Integrate Azure Purview to Azure Sentinel

Hello, I would like to integrate my Azure Purview with Azure Sentinel. I have followed the steps described in the official documentation at this "https://learn.microsoft.com/en-us/purview/register-scan-azure-blob-storage-source" link. However,…

Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,372 questions
Microsoft Sentinel
asked 2025-01-15T03:24:53.6266667+00:00
Muhammad Rifqi Prasetyo 0 Reputation points
commented 2025-01-17T08:08:16.88+00:00
Smaran Thoomu 19,630 Reputation points Microsoft Vendor
1 answer One of the answers was accepted by the question author.

Disable pop-ups in Azure Sentinel

Hello, I’ve been working with Azure Sentinel for about a year now. Some months ago, Azure introduced a pop-up that appears whenever I have a KQL query open and attempt to close the browser tab or press X. This has become extremely frustrating. I simply…

Microsoft Sentinel
asked 2025-01-04T06:14:30.7033333+00:00
Albert Hardvendel 20 Reputation points
accepted 2025-01-11T06:28:46.48+00:00
Albert Hardvendel 20 Reputation points
1 answer

Netskope Data Connector (using Azure Functions) Disconnected

Upon completion of all the configurations provided and making sure the Netskope API token is valid, the data connector is still disconnected. I tried running the Trigger playbook and it triggered successfully, but the connector is still disconnected.

Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,385 questions
Microsoft Sentinel
asked 2025-01-10T02:56:44.5466667+00:00
Reigan Arcilla 0 Reputation points
answered 2025-01-10T06:06:49.3533333+00:00
Raja Pothuraju 12,120 Reputation points Microsoft Vendor
1 answer One of the answers was accepted by the question author.

Defender for Endpoint Vulnerability Management Browser Extensions not populating

We recently started a trial of the Defender Vulnerability Management add-on and applied the licenses to our users. Everything seems to be working fine, but unfortunately on a small handful of the browser extensions and hardware information are…

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,479 questions
Microsoft Sentinel
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
169 questions
asked 2025-01-07T21:04:33.3333333+00:00
George Zerphey 176 Reputation points
accepted 2025-01-08T13:33:50.9333333+00:00
George Zerphey 176 Reputation points
1 answer One of the answers was accepted by the question author.

Can we transfer the security event logs of a Windows server in one resource group to a Log Analytics workspace (Microsoft Sentinel) deployed in another resource group?

Can we transfer the security event logs of a Windows server in one resource group to a Log Analytics workspace (Microsoft Sentinel) deployed in another resource group?

Microsoft Sentinel
asked 2025-01-07T14:49:37.18+00:00
K, Chandrashekharmurthy 20 Reputation points
accepted 2025-01-08T13:18:14.6066667+00:00
K, Chandrashekharmurthy 20 Reputation points
1 answer

How to integrate Palo Alto firewall (on-premises and cloud) with Microsoft Sentinel step by step

How to integrate Palo Alto firewall (on-premises and cloud) with Microsoft Sentinel step by step?

Microsoft Sentinel
asked 2024-12-15T09:21:08.1633333+00:00
suraj hirekudi 0 Reputation points
commented 2025-01-02T09:42:01.0933333+00:00
Givary-MSFT 35,216 Reputation points Microsoft Employee