Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,129 questions
Sentinel unexpected error
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 16%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESE%3C/text%3E%3C/svg%3E)
Sebastian Enström
0
Reputation points
Hi!
I have an issue with Microsoft Sentinel. Every now and then I get this "unexpected error". When this happens all connectors show as not connected, I can't run any queries nor see any logs. I still receive incidents based on some analytic rules I have. So logs is indeed beeing ingested still.
This seem to happen randomly and always solves itself within a day or two. But it is extreamly annoying because it stops our workflow.
We are currently looking at Sentinel for our main SIEM solution, but as it seems to "break" for no reason makes me question it..
We have 12 connectors, most of them Microsoft based (Entra ID, Azure Activity, Defender for Endpoint, Azure Firewall etc) but we also ingest syslogs from on prem firewalls using Common Event Format (CEF) via AMA connector.
Have anyone else experienced similar issues with Sentinel?
BR.
{count} votes
-
Clive Watson 6,351 Reputation points MVP2024-09-27T08:57:36.4066667+00:00 Have you contacted Microsoft support? Also try other browsers or try and isolate yourself from any proxy or Network issues (which may not be possible of course).
Sign in to comment
Sign in to answer