Looking for query where we can get the following data from Azure Virtual Desktop under a particular host pool
Looking for query where we can get the following data from Azure Virtual Desktop under a particular host pool. Who has not logged in over the past 30 days For those who have logged in, how many days did they log in What is the amount of time users…
Azure Sentinel Playbook - Outlook "Send Email" action sign in - Account doesn't exist - Solution
Hello Azure Community, Issue: "I'm encountering an issue when using the "Send Email (V2)" action in an Azure Sentinel playbook with the Outlook connector. Specifically, I'm unable to sign in using any organizational account—it only works…
SailPoint Data Connector not working - Microsoft Sentinel
Hello, Sailpoint (via azure function) data connector is not collecting logs from sailpoint. There are no errors generated by azure function. Recent invocations are all successful but, the function app is not retreiving logs from Sailpoint with the…
Sentinel Content Hub - haven't seen "Updates available" flag for some time
We have a number of solutions / content installed from Content Hub, mostly Microsoft provided but also some non-Microsoft. I haven't seen any updates for any of the content for some time now (approx. 6 weeks or so?). Is anyone else still seeing a flag…
Detailed report on the virtual machines (VMs) interacting with Microsoft Sentinel
Detailed report on the virtual machines (VMs) interacting with Microsoft Sentinel, if I understand correctly. Here’s a suggested approach to create that report: Data Collection: Identify Reporting VMs: Query Microsoft Sentinel to list all VMs…
Microsoft Defender for Endpoint creates a large amount of Powershell Logs
Hello, we are using Defender for Endpoint and MS Sentinel. To enhance security, we would like to enable Powershell logging on all devices. But when we enable it, we get 10 times more logs than before. I analyzed the incomming logs and found out that…
How to install Sentinel content hub via IaC (e.g.) azapi terraform provider
Hi all, I was asked to managed the Sentinel via IaC and successfully installed Log Analytics Workspace & Sentinel via Terraform azurerm provider. I want now to install Content pack from content hubs. I see some documentation for API calls to install…
Not receiving windows security event from Azure ARC enabled servers
Successfully connected Windows server through Azure ARC but not receiving any security event logs through data collection rule in Sentinel connector. The AMA extension is showing running successfully.
How to configure a new DCR to ingest to an existing Custom Log table?
Hi All, I am currently migrating existing syslog logfeeds running over Logstash pipelines with the "microsoft-logstash-output-azure-loganalytics" output module to Logstash pipelines with the…
What is the application "Office 365 Management" (AppId 00b41c95-dab0-4487-9791-b9d2c32c80f2) and why is Conditional Access not applied to it?
I am investigating a security incident and I have identified entries in the MS Sentinel SigninLogs table that might be related to the breach with the attributes: AppDisplayName: Office 365 Management AppId:…
logic App to ingest notification of azure monitor alerte to Microsoft sentinel
Hi, In the alert rule configuration for Azure Monitoring, I need to set up an action group (Logic App) that will forward all alert notifications to Microsoft Sentinel. However, I require assistance with designing a Logic App that meets my needs, as I'm…
Lighthouse Offer - I cannot add System Managed Identities to my customers Logic Apps
I have my roles delegated, I am in the correct AD groups on my tenant. However, when I got into a Logic App, and try to assign a System Assigned Managed Identity, I keep on getting the following error message: Failed to add Resource as Microsoft…
How to change filtering to see functions
Can't see any functions. Popup says to change filtering. How to change filtering?
Difficulty Identifying Edited Rules in Azure Firewall Logs via KQL
Hello, community! I'm having trouble identifying specific changes to Azure Firewall rules through KQL (Kusto Query Language). After modifying certain firewall rules, I can see that edits have occurred through the firewall’s logs tab (where it shows a…
Managing Customer Sentinel through Azure Lighthouse
Hi Experts, Please help. I have registered our customer on our Azure Lighthouse. I can see their Sentinel with data in it, but when I try to check data connectors, I am getting below errors: Can't see any connector connected, but when customer Global…
How to enable Azure Activity Sentinel Data Connector
Hi, I'm trying to enable Azure Activity Sentinel Data Connector. I've manage to install it and when I follow the 'Launch Azure Policy Assignment Wizard' it completes successfully, however the Azure Activity Data Connector never shows 'green/connected'…
Using Logic Apps across multiple tenants
I am planning to onboard another tenant to my setup and considering using Lighthouse. My goal is to manage Microsoft Sentinel and create logic apps in one tenant while using them for automation in a different tenant. Could someone assist me with setting…
Sentinel Smart Deployment cannot push csv file to Azure DevOps
When I deploy content to sentinel using Azure DevOps, the content deploys successfully but when smart deployment enabled, it cannot push csv tracking file to Azure Repo with error [Warning] API call failed:…
Update to Python 3.11 got SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))
Hi, After we updated our Sentinel data connector(implemented in Azure Function) to use python3.11 from 3.10, we got SSL Error from urllib3 when making API calls: SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify…
Can we send Defender for Cloud's logs to Sentinel's LAW without "Defender for cloud connector" configured in Sentinel?
Question: While deploying Defender for Cloud, if we select the same LAW (workspace) that Sentinel is using, do we still need to configure Defender for Cloud connector and configure it in Sentinel? In this scenario, do Defender for Cloud and Sentinel's…