1,172 questions with Microsoft Sentinel tags

1 answer

Looking for a query where we can get the following data from Azure Virtual Desktop under a particular host pool

Looking for a query where we can get the following data from Azure Virtual Desktop under a particular host pool: Who has not logged in over the past 30 days? For those who have logged in, how many days did they log in? What is the amount of time users…

Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,589 questions
Microsoft Sentinel
A scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. Previously known as Azure Sentinel.
1,172 questions
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,262 questions
asked 2024-11-11T23:53:53.5633333+00:00
Joshua Hensley 21 Reputation points
commented 2024-11-21T14:04:12.73+00:00
anashetty 820 Reputation points Microsoft Vendor
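The three numbers the question asks for (who has not connected in the window, how many distinct days each user connected, and how much connected time they accumulated) can be derived from the AVD diagnostic table. The query below is an added example written for this page; it is not from the question or from any answer on it. It assumes that host pool diagnostics are sent to the Sentinel workspace (the WVDConnections table), that the host pool name is hp-prod-01, and that the full set of users entitled to the pool is kept in a Sentinel watchlist named AVD_Users with a UserPrincipalName column; the host pool name and the watchlist name and column are placeholders to replace.

```kql
// Added example (not from the question or any answer on the page).
// Assumes AVD diagnostics (WVDConnections) land in this workspace and that the
// users entitled to the host pool are listed in a watchlist "AVD_Users" with a
// "UserPrincipalName" column. Host pool name and watchlist are placeholders.
let lookback = 30d;
let hostPool = "hp-prod-01";
// One row per session: a session is a Connected event paired with its Completed
// event on the same CorrelationId. Sessions still open have no End and are dropped.
let sessions =
    WVDConnections
    | where TimeGenerated > ago(lookback)
    | where _ResourceId has hostPool
    | where State in ("Connected", "Completed")
    | summarize Start = minif(TimeGenerated, State == "Connected"),
                End   = maxif(TimeGenerated, State == "Completed")
              by CorrelationId, UserName
    | where isnotempty(Start) and isnotempty(End)
    | extend Duration = End - Start;
// Per-user rollup: distinct calendar days with a session and total connected hours.
let perUser =
    sessions
    | summarize DaysLoggedIn = dcount(startofday(Start)),
                TotalHours   = round(sum(Duration / 1h), 2),
                LastSeen     = max(End)
              by UserName = tolower(UserName);
// Entitled users with no session at all in the window (leftanti keeps only
// watchlist rows that have no match in perUser).
let inactive =
    _GetWatchlist("AVD_Users")
    | project UserName = tolower(UserPrincipalName)
    | join kind=leftanti perUser on UserName
    | extend DaysLoggedIn = 0, TotalHours = 0.0, LastSeen = datetime(null);
perUser
| union inactive
| order by DaysLoggedIn asc, UserName asc
```

Two caveats worth checking before trusting the output: a user whose only sessions were still open at query time (no Completed event yet) is counted as inactive, and a connection that reconnects after a network drop produces a new CorrelationId, so the day count is exact but the hours can be slightly fragmented. Without an entitlement source such as the watchlist, the table alone can only tell you who did connect, never who should have.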
0 answers

Azure Sentinel Playbook - Outlook "Send Email" action sign in - Account doesn't exist - Solution

Hello Azure Community, Issue: I'm encountering an issue when using the "Send Email (V2)" action in an Azure Sentinel playbook with the Outlook connector. Specifically, I'm unable to sign in using any organizational account; it only works…

Microsoft Sentinel
asked 2024-11-21T11:23:38.2333333+00:00
Karim Bou Hamdan 0 Reputation points
edited the question 2024-11-21T12:27:04.7+00:00
Shireesha Eeraboina (Quadrant Resource LLC) 85 Reputation points Microsoft Vendor
0 answers

SailPoint Data Connector not working - Microsoft Sentinel

Hello, the SailPoint (via Azure Function) data connector is not collecting logs from SailPoint. There are no errors generated by the Azure Function. Recent invocations are all successful, but the function app is not retrieving logs from SailPoint with the…

Microsoft Sentinel
asked 2024-11-18T23:08:43.0833333+00:00
Burra, Rahul 0 Reputation points
commented 2024-11-21T08:47:04.79+00:00
Givary-MSFT 33,476 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Sentinel Content Hub - haven't seen "Updates available" flag for some time

We have a number of solutions / content installed from Content Hub, mostly Microsoft provided but also some non-Microsoft. I haven't seen any updates for any of the content for some time now (approx. 6 weeks or so?). Is anyone else still seeing a flag…

Microsoft Sentinel
asked 2024-11-19T15:36:07.7166667+00:00
Neil McIntyre 20 Reputation points
accepted 2024-11-21T08:36:18.6733333+00:00
Neil McIntyre 20 Reputation points
1 answer

Detailed report on the virtual machines (VMs) interacting with Microsoft Sentinel

Detailed report on the virtual machines (VMs) interacting with Microsoft Sentinel, if I understand correctly. Here's a suggested approach to create that report: Data Collection: Identify Reporting VMs: Query Microsoft Sentinel to list all VMs…

Microsoft Sentinel
asked 2024-11-19T14:14:45.7466667+00:00
Chauhan, Shaileshbhai 40 Reputation points
commented 2024-11-20T18:13:10.3766667+00:00
Chauhan, Shaileshbhai 40 Reputation points
1 answer

Microsoft Defender for Endpoint creates a large amount of PowerShell logs

Hello, we are using Defender for Endpoint and MS Sentinel. To enhance security, we would like to enable PowerShell logging on all devices. But when we enable it, we get 10 times more logs than before. I analyzed the incoming logs and found out that…

Microsoft Sentinel
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,634 questions
Microsoft Defender for Endpoint Training
Microsoft Defender for Endpoint: A Microsoft unified security platform for preventative protection, post-breach detection, and automated investigation and response. Previously known as Microsoft Defender Advanced Threat Protection. Training: Instruction to develop new skills.
50 questions
asked 2024-11-18T15:23:36.6133333+00:00
Wankmüller, David (BAGHUS GmbH) 0 Reputation points
edited a comment 2024-11-20T18:05:15.0733333+00:00
Raja Pothuraju 8,265 Reputation points Microsoft Vendor
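Before cutting PowerShell logging back, it is worth measuring which script blocks actually produce the volume, because the usual culprits are the same agent or scheduled-task scripts running on every host, not the interactive activity script block logging exists to catch. The query below is an added example written for this page, not code from the question or from any answer on it. It assumes the Microsoft-Windows-PowerShell/Operational log is collected by the Azure Monitor Agent into the Event table and that script block logging (event 4104) is the dominant source; the lookback and the two volume thresholds are placeholders.

```kql
// Added example (not from the question or any answer on the page).
// Assumes the PowerShell Operational log is collected by AMA into the Event
// table. Lookback and the Events/Hosts thresholds are placeholders.
let lookback = 7d;
Event
| where TimeGenerated > ago(lookback)
| where EventLog == "Microsoft-Windows-PowerShell/Operational"
| where EventID == 4104                          // script block logging
// Pull the script text out of the rendered message. A 4104 message starts with
// "Creating Scriptblock text (n of m):" and ends with "ScriptBlock ID: <guid>";
// (?s) lets "." span the newlines inside the script.
| extend ScriptText = extract(@"(?s)Creating Scriptblock text \(\d+ of \d+\):\s*(.*?)\s*ScriptBlock ID:", 1, RenderedDescription)
| where isnotempty(ScriptText)
| extend ScriptHash = hash_sha256(ScriptText)
| summarize Events    = count(),
            Hosts     = dcount(Computer),
            MB        = round(sum(_BilledSize) / 1048576.0, 1),
            Sample    = take_any(substring(ScriptText, 0, 120)),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
          by ScriptHash
// Identical blocks repeating on many hosts are typically management agents or
// scheduled scripts rather than interactive use: candidates to drop at ingest.
| where Events > 1000 and Hosts > 10
| order by MB desc
```

Once a hash is confirmed to be benign noise, drop those rows at ingestion with a DCR transformation (a `transformKql` expression over `source` that filters on the script's marker text) rather than by disabling 4104 altogether; script block logging is what records obfuscated and in-memory PowerShell, so removing the whole event ID trades a billing problem for a detection gap. Keep the exclusion list short and reviewed, since an attacker who can read it knows which script prefixes are never logged.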
0 answers

How to install Sentinel Content Hub content via IaC (e.g. the azapi Terraform provider)

Hi all, I was asked to manage Sentinel via IaC and successfully installed the Log Analytics Workspace & Sentinel via the Terraform azurerm provider. I now want to install content packs from Content Hub. I see some documentation for API calls to install…

Microsoft Sentinel
asked 2024-11-20T16:50:46.0433333+00:00
Annamalai, Manickam 0 Reputation points
0 answers

Not receiving Windows security events from Azure Arc enabled servers

Successfully connected a Windows server through Azure Arc, but not receiving any security event logs through the data collection rule in the Sentinel connector. The AMA extension shows as running successfully.

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,336 questions
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
443 questions
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,289 questions
Microsoft Sentinel
asked 2024-11-15T14:13:18.75+00:00
Rahul Saha 0 Reputation points
commented 2024-11-20T14:33:25.0866667+00:00
Rahul Saha 0 Reputation points
1 answer

How to configure a new DCR to ingest to an existing Custom Log table?

Hi All, I am currently migrating existing syslog log feeds running over Logstash pipelines with the "microsoft-logstash-output-azure-loganalytics" output module to Logstash pipelines with the…

Azure Monitor
Microsoft Sentinel
asked 2024-10-31T13:04:33.53+00:00
Callens Nico 0 Reputation points
answered 2024-11-20T07:09:26.4066667+00:00
Pauline Mbabu 560 Reputation points Microsoft Employee
0 answers

What is the application "Office 365 Management" (AppId 00b41c95-dab0-4487-9791-b9d2c32c80f2) and why is Conditional Access not applied to it?

I am investigating a security incident and I have identified entries in the MS Sentinel SigninLogs table that might be related to the breach with the attributes: AppDisplayName: Office 365 Management AppId:…

Microsoft Sentinel
asked 2024-11-07T16:22:56.1666667+00:00
Tilman Schmidt 0 Reputation points
commented 2024-11-19T18:23:23.65+00:00
BANDELA Siri Chandana 325 Reputation points Microsoft Vendor
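When a sign-in to an unfamiliar first-party application turns up during an incident, the useful first step is to profile every sign-in to that AppId in the window: who, from where, with which client, and whether Conditional Access was evaluated at all. The query below is an added example written for this page, not code from the question or from any answer on it. It assumes Entra ID sign-in logs are ingested into the SigninLogs table; the AppId is the one quoted in the question title, and the lookback is a placeholder.

```kql
// Added example (not from the question or any answer on the page).
// Assumes Entra ID interactive sign-ins are in SigninLogs. Lookback is a placeholder.
let lookback = 14d;
let appId = "00b41c95-dab0-4487-9791-b9d2c32c80f2";   // AppId from the question title
SigninLogs
| where TimeGenerated > ago(lookback)
| where AppId == appId
| extend
    CA      = tostring(ConditionalAccessStatus),        // success / failure / notApplied
    Client  = tostring(ClientAppUsed),
    AuthReq = tostring(AuthenticationRequirement),      // single- vs multi-factor
    DevOS   = tostring(DeviceDetail.operatingSystem),
    Country = tostring(LocationDetails.countryOrRegion)
| summarize
    SignIns      = count(),
    Failures     = countif(ResultType != "0"),          // "0" is a successful sign-in
    CAApplied    = countif(CA in ("success", "failure")),
    CANotApplied = countif(CA == "notApplied"),
    IPs          = make_set(IPAddress, 20),
    FirstSeen    = min(TimeGenerated),
    LastSeen     = max(TimeGenerated)
  by UserPrincipalName, Client, AuthReq, DevOS, Country
// Rows where no policy was in scope surface first; compare them against the
// rows where CA did apply for the same user to see what differs (client, OS, location).
| order by CANotApplied desc, SignIns desc
```

Two points for the investigation itself. First, `notApplied` means no policy was in scope for that sign-in, so the next thing to inspect is the `ConditionalAccessPolicies` column on those rows, which lists each policy evaluated and why it did or did not match. Second, token refreshes and other non-interactive sign-ins are written to AADNonInteractiveUserSignInLogs rather than SigninLogs, so run the same query against that table as well before concluding that an application was never challenged.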
1 answer

Logic App to ingest notifications of Azure Monitor alerts into Microsoft Sentinel

Hi, In the alert rule configuration for Azure Monitor, I need to set up an action group (Logic App) that will forward all alert notifications to Microsoft Sentinel. However, I require assistance with designing a Logic App that meets my needs, as I'm…

Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,228 questions
Microsoft Sentinel
asked 2024-11-08T17:44:51.8966667+00:00
Dhahri, Arwa 0 Reputation points
commented 2024-11-19T13:39:53.57+00:00
LeelaRajeshSayana-MSFT 16,601 Reputation points
1 answer

Lighthouse Offer - I cannot add System Managed Identities to my customers Logic Apps

I have my roles delegated, I am in the correct AD groups on my tenant. However, when I go into a Logic App and try to assign a System Assigned Managed Identity, I keep on getting the following error message: Failed to add Resource as Microsoft…

Azure Lighthouse
An Azure service that provides secure managed services and access control for partners and customers.
79 questions
Microsoft Sentinel
asked 2024-10-18T09:48:45.4133333+00:00
cc007 0 Reputation points
answered 2024-11-19T07:33:13.63+00:00
Kilian 345 Reputation points
1 answer One of the answers was accepted by the question author.

How to change filtering to see functions

Can't see any functions. Popup says to change filtering. How to change filtering?

Microsoft Sentinel
asked 2024-11-18T16:35:55.6933333+00:00
Tracy Hendrickson 20 Reputation points
accepted 2024-11-18T20:17:50.2933333+00:00
Tracy Hendrickson 20 Reputation points
1 answer

Difficulty Identifying Edited Rules in Azure Firewall Logs via KQL

Hello, community! I'm having trouble identifying specific changes to Azure Firewall rules through KQL (Kusto Query Language). After modifying certain firewall rules, I can see that edits have occurred through the firewall’s logs tab (where it shows a…

Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
685 questions
Azure Firewall Manager
An Azure service that provides central network security policy and route management for globally distributed, software-defined perimeters.
95 questions
Microsoft Sentinel
asked 2024-11-07T14:16:55.0666667+00:00
Hyago Santana Mariano 20 Reputation points
answered 2024-11-18T19:39:37.2666667+00:00
Rohith Vinnakota 1,160 Reputation points Microsoft Vendor
0 answers

Managing Customer Sentinel through Azure Lighthouse

Hi Experts, please help. I have registered our customer on our Azure Lighthouse. I can see their Sentinel with data in it, but when I try to check data connectors, I am getting the errors below: Can't see any connector connected, but when the customer Global…

Azure Lighthouse
Microsoft Sentinel
asked 2024-08-31T06:52:45.7733333+00:00
Naveen Sharma 20 Reputation points
commented 2024-11-18T06:54:20.4733333+00:00
Pauline Mbabu 560 Reputation points Microsoft Employee
1 answer

How to enable Azure Activity Sentinel Data Connector

Hi, I'm trying to enable the Azure Activity Sentinel Data Connector. I've managed to install it, and when I follow the 'Launch Azure Policy Assignment Wizard' it completes successfully; however, the Azure Activity Data Connector never shows 'green/connected'…

Microsoft Sentinel
asked 2024-11-07T12:11:18.33+00:00
Silva, Luis 0 Reputation points
commented 2024-11-15T00:13:21.7866667+00:00
Navya 13,050 Reputation points Microsoft Vendor
1 answer One of the answers was accepted by the question author.

Using Logic Apps across multiple tenants

I am planning to onboard another tenant to my setup and considering using Lighthouse. My goal is to manage Microsoft Sentinel and create logic apps in one tenant while using them for automation in a different tenant. Could someone assist me with setting…

Azure Logic Apps
Microsoft Sentinel
asked 2023-12-17T11:46:58.88+00:00
Cloudsec 160 Reputation points
edited a comment 2024-11-14T18:56:55.6633333+00:00
Andy Nicholls 0 Reputation points
1 answer

Sentinel Smart Deployment cannot push csv file to Azure DevOps

When I deploy content to Sentinel using Azure DevOps, the content deploys successfully, but when smart deployment is enabled, it cannot push the csv tracking file to the Azure Repo with the error [Warning] API call failed:…

Microsoft Sentinel
asked 2024-04-05T06:33:36.0033333+00:00
Ha Nguyen 10 Reputation points
commented 2024-11-14T14:04:33.61+00:00
Torstein Lundervold Nesheim 0 Reputation points
1 answer

Update to Python 3.11 got SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))

Hi, After we updated our Sentinel data connector (implemented in an Azure Function) to use Python 3.11 instead of 3.10, we got an SSL error from urllib3 when making API calls: SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify…

Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,153 questions
Microsoft Sentinel
asked 2024-09-24T17:10:13.2266667+00:00
Xiuyang Bobby Sun 65 Reputation points
answered 2024-11-14T10:00:01.8433333+00:00
Pauline Mbabu 560 Reputation points Microsoft Employee
0 answers

Can we send Defender for Cloud's logs to Sentinel's LAW without "Defender for cloud connector" configured in Sentinel?

Question: While deploying Defender for Cloud, if we select the same LAW (workspace) that Sentinel is using, do we still need to configure Defender for Cloud connector and configure it in Sentinel? In this scenario, do Defender for Cloud and Sentinel's…

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,422 questions
Microsoft Sentinel
asked 2024-11-12T14:28:00.0966667+00:00
Rakesh Singh 270 Reputation points
commented 2024-11-14T02:28:15.29+00:00
Navya 13,050 Reputation points Microsoft Vendor