Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,394 questions
1 answer
One of the answers was accepted by the question author.
Mismatch in amount of data received in logs analytics workspace and DCR metrics
I have defined a data collection rule and am using logs ingestion api to send data to 2 custom tables. I have defined diagnostic settings for the DCR such that error logs are sent to logs analytics workspace. For about an hour, I have events ingested…
asked 2024-03-28T07:47:47.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 88%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Ashwin Venkatesha
230
Reputation points
edited the question 2024-12-22T13:24:38.7033333+00:00
TP
100.9K
Reputation points
0 answers
Unable to access Log Analytics demo environment from Microsoft KB
I am trying to access the Log Analytics demo environment from https://learn.microsoft.com/en-us/training/modules/construct-kusto-query-language-statements/2-understand-kusto-query-language-statement-structure but i am getting the error below. There…
asked 2024-12-21T09:35:16.2966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 65%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
Jia Kang Bong
0
Reputation points
asked 2024-12-21T09:35:16.2966667+00:00
Jia Kang Bong
0
Reputation points
2 answers
How to check the azure sentinel health for all the workspace in my organization?
Can someone help on how to check the sentinel status across all the workspace in organization?
asked 2024-12-20T09:36:28.5433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 63%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Avinash Bisoi
0
Reputation points
edited an answer 2024-12-20T14:38:53.9233333+00:00
Clive Watson
6,751
Reputation points MVP
1 answer
One of the answers was accepted by the question author.
What is the application "Office 365 Management" (AppId 00b41c95-dab0-4487-9791-b9d2c32c80f2) and why is Conditional Access not applied to it?
I am investigating a security incident and I have identified entries in the MS Sentinel SigninLogs table that might be related to the breach with the attributes: AppDisplayName: Office 365 Management AppId:…
asked 2024-11-07T16:22:56.1666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 33%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Tilman Schmidt
20
Reputation points
accepted 2024-12-20T08:21:37.8133333+00:00
Tilman Schmidt
20
Reputation points
2 answers
Add Microsoft Sentinel to Log Analytics Workspace using Ansible
I am trying to create a Log Analytics Workspace with Microsoft Sentinel using Ansible following this module: https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_loganalyticsworkspace_module.html - name: Create a workspace…
asked 2024-07-25T19:02:15.28+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 94%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Ravalia Krutika Harishbhai
40
Reputation points
answered 2024-12-19T20:42:42.6933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 43%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAE%3C/text%3E%3C/svg%3E)
Abdalla Elzedy
0
Reputation points
2 answers
Summary rules - showing 404
I can no longer view summary rules. When I click on Summary rules it shows an error "NOT FOUND" Anybody noticed this lately? It was working pretty well before 5th of December.
asked 2024-12-09T11:03:30.0666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 99%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
Khanna, Keshav
0
Reputation points
edited a comment 2024-12-19T19:36:06.74+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Raja Pothuraju
9,805
Reputation points Microsoft Vendor
0 answers
Microsoft Sentinel for SAP - No Audit Log Data - other data is visible
Hello all, we have a strange issue - we dont receive AUDIT LOG data in MS Sentinel for SAP - other data is successfully transferred: SM19/SM20 is activated with content on SAP side (checked:…
asked 2024-12-19T15:58:21.38+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 80%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGF%3C/text%3E%3C/svg%3E)
Gabel, Felix
20
Reputation points
asked 2024-12-19T15:58:21.38+00:00
Gabel, Felix
20
Reputation points
0 answers
Summary rules - Limit on total aggregated size
Folks, I'm trying to use summary rules to aggregate firewall logs. There's a hard size limit from MS per result of 100 MB which I think is not up to the mark for firewall logs. While summarizing I'm creating two sets and grouping by 7 other fields (I…
asked 2024-12-19T14:16:00.4066667+00:00
Khanna, Keshav
0
Reputation points
asked 2024-12-19T14:16:00.4066667+00:00
Khanna, Keshav
0
Reputation points
2 answers
Unable to Access Log Analytics Demo (aka.ms/lademo)
Hello, I have been using the log analytics demo environment to help train for the last month for KQL. Recently, I have no idea what changed, but I have lost access the the public and free environment at "aka.ms/lademo". I have tried all…
asked 2024-12-09T17:12:58.2033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 99%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
Colin Colón
25
Reputation points
edited the question 2024-12-18T07:58:35.9566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 16%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Rakesh Gurram
10,545
Reputation points Microsoft Vendor
1 answer
will Incidents syncing delay after we configure unified platform?
Hello team, We are planning to enable sentinel workspace in defender XDR portal to get the unified portal experience. I have question, will there be a delay between the syncing of incidents from defender to sentinel after this change? I have searched but…
asked 2024-12-09T14:26:46.0033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 45%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
supriya nelluri
5
Reputation points
edited the question 2024-12-18T06:32:06.82+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 17%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
RNareddy
1,430
Reputation points Microsoft Vendor
1 answer
Microsoft Defender for Endpoint creates a large amount of Powershell Logs
Hello, we are using Defender for Endpoint and MS Sentinel. To enhance security, we would like to enable Powershell logging on all devices. But when we enable it, we get 10 times more logs than before. I analyzed the incomming logs and found out that…
asked 2024-11-18T15:23:36.6133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 54%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWL%3C/text%3E%3C/svg%3E)
Wankmüller, David (BAGHUS GmbH)
5
Reputation points
edited the question 2024-12-18T06:28:32.1066667+00:00
RNareddy
1,430
Reputation points Microsoft Vendor
0 answers
Sentinel - interaction_required error
Hello, can you help me solve the following error? { "sessionId": "9d6b455200394724a4301aa37f8f75ea", "errors": [ { "errorMessage": "interaction_required: AADSTS160021: Application requested a…
asked 2024-12-15T13:22:40.2133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 40%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Sule Demirel (CYBERWISE)
0
Reputation points
commented 2024-12-17T19:10:22.23+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Navya
13,875
Reputation points Microsoft Vendor
3 answers
One of the answers was accepted by the question author.
Microsoft Sentinel for SAP - Connect your SAP system to Microsoft Sentinel - Failed to create configuration AccessDenied
Hello all, while adding a SAP Backendsystem (Add new system) to Sentinel for SAP in Azure Portal we getting a error message. Collector VM is visible as healthy in portal. When selecting the agent in the dropdown - directly the error message FAILED TO…
asked 2024-12-17T09:06:31.15+00:00
Gabel, Felix
20
Reputation points
accepted 2024-12-17T14:26:01.5733333+00:00
Gabel, Felix
20
Reputation points
1 answer
One of the answers was accepted by the question author.
Analytic Rules for Log Forwarder
Good day, May you kindly assist with KQL queries to create these 4 analytic on our environment. Log Rate-Insufficient Agent Heartbeat Latency Agent Heartbeat Monitor Agent-Health-Alert
asked 2024-12-12T10:59:02.2+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 71%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
Lumka Langa
20
Reputation points
edited the question 2024-12-16T16:26:53.88+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT
34,521
Reputation points Microsoft Employee
1 answer
How to integrate paloalto firewall on-premises and cloud with Microsoft sentinel step by step
How to integrate paloalto firewall on-premises and cloud with Microsoft sentinel step by step
asked 2024-12-15T09:21:08.1633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 57.00000000000001%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
suraj hirekudi
0
Reputation points
answered 2024-12-16T10:28:21.3066667+00:00
Clive Watson
6,751
Reputation points MVP
1 answer
I cannot Login to Sentinel. All other admin portals work fine.
get this error everytime I logged in. I tried clearing cookies, cache, Incognito mode. Nothing works.
asked 2024-12-11T09:34:17.38+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 39%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
HK
1
Reputation point
answered 2024-12-16T06:13:07.83+00:00
Givary-MSFT
34,521
Reputation points Microsoft Employee
1 answer
Issue Viewing Sentinel incidents (Token Issue)
Hey y'all, I've been having some issues viewing sentinel incidents. After I sign in and navigate to our sentinel workspace, click on "incidents" I'm greeted with the error below. Another co worker, SOC, and myself can't see this page. I was…
asked 2024-12-11T19:22:36.3866667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 25%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EES%3C/text%3E%3C/svg%3E)
Evan Shannon
10
Reputation points
edited an answer 2024-12-16T05:41:00.7266667+00:00
Givary-MSFT
34,521
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
I want to find the devices in my azure environment that are using the most resources. I then want to find out how much these devices are costing us a month. What is the best way to do this?
I'm new to azure. I have hundreds of devices on my work network and want to find the devices that are the most active and using the most resources. I want to use the most active device as a baseline so that I know the maximum amount that I can expect to…
asked 2024-12-08T13:31:55.39+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 43%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETA%3C/text%3E%3C/svg%3E)
Tim A
20
Reputation points
commented 2024-12-12T06:32:37.3966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
ZhoumingDuan-MSFT
14,715
Reputation points Microsoft Vendor
1 answer
Unexplained Non-interactive Sign-ins
Hi Forum, I have been trying to identify the unexplained successful non-interactive sign-ins and mark them as "benign" with proof/evidence. Our organisation has blocked all logins from non-UK IP addresses. It works fine for interactive…
asked 2024-12-02T13:23:01.7566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 55.00000000000001%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
User1122
0
Reputation points
commented 2024-12-11T14:53:20.12+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Akhilesh Vallamkonda
10,635
Reputation points Microsoft Vendor
1 answer
Duplicate SecurityEvent logging after migrating from MMA to AMA
Greetings, I added a few extra tags to this as we are not quite sure of why we cannot Disconnect or Delete the Security Events Via the Legacy Agent Connector from our Sentinel environment. All Azure VMs have been migrated from the MMA (Legacy) agent to…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 76%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)