1,123 questions with Microsoft Sentinel tags

1 answer

ama agent installation vs arc agent install?

Hi there, There are 2 procedures for installing the Azure AMA agent for use with Sentinel as a syslog collector: install the AMA agent using the python script provided by Sentinel: …

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,123 questions
asked 2024-08-27T20:03:16.6766667+00:00
David Broggy 5,716 Reputation points MVP
answered 2024-08-29T05:19:49.5666667+00:00
Givary-MSFT 32,311 Reputation points Microsoft Employee
0 answers

I am getting this error: "Connectivity check failed: Status code:S3B40023, Message: An Access Denied exception occurred when attempting to download a S3 object - bucket cloudtrail-s3-xxxxxx-xxx-xx. Ensure the S3has the specified permissions in its"PERMI""

Hello All, We were working on ingesting logs in Sentinel using the AWS S3 connector. After the connection was made successfully, it worked fine and we were able to see the logs. But today we stopped getting the logs. When I run the health command, I got this…

Microsoft Sentinel
asked 2024-08-23T18:20:35.56+00:00
Karan Prabhakar 0 Reputation points
commented 2024-08-28T08:48:56.8466667+00:00
Givary-MSFT 32,311 Reputation points Microsoft Employee
0 answers

How to use data transformation on the SecurityEvent table in Sentinel to drop events

Hi there, I'd like to use a data transformation to filter some events entering Sentinel. The test I'm doing is with the SecurityEvent table. I added this transformation: source| where EventID <> 4688 However after waiting an hour I'm still seeing…

Microsoft Sentinel
asked 2024-08-23T15:29:04.7333333+00:00
David Broggy 5,716 Reputation points MVP
commented 2024-08-28T08:35:09.6733333+00:00
Givary-MSFT 32,311 Reputation points Microsoft Employee
2 answers

Not able to ingest logs from Microsoft Exchange and Microsoft Defender XDR

Hey, I have deployed Microsoft Sentinel and am able to get some logs from sign-in logs. But I want logs for my cloud apps, and for that I have installed the Microsoft Defender XDR connector. It is connected successfully, but when I checked…

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,348 questions
Microsoft Sentinel
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
138 questions
asked 2024-08-21T19:39:24.9066667+00:00
Robin Jha 0 Reputation points
answered 2024-08-27T05:29:32.5133333+00:00
Givary-MSFT 32,311 Reputation points Microsoft Employee
1 answer

Sentinel to Jira integration

Hi team, Currently I am working on Sentinel to Jira integration; I couldn't find any better documentation for the process. I am focusing on this for auto-creation of tickets in Jira for incidents generated in Sentinel. Bi-directional sync for assigned…

Microsoft Sentinel
asked 2024-08-23T04:11:44.51+00:00
Jithin Raj 0 Reputation points
answered 2024-08-26T08:20:56.8066667+00:00
Givary-MSFT 32,311 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Does Defender for Endpoint license pricing differ depending on whether the endpoint is a server or a client machine?

Microsoft Defender for Cloud
Microsoft Sentinel
Microsoft Defender for Endpoint Training
Microsoft Defender for Endpoint: A Microsoft unified security platform for preventative protection, postbreach detection, and automated investigation and response. Previously known as Microsoft Defender Advanced Threat Protection. Training: Instruction to develop new skills.
42 questions
asked 2024-08-23T09:11:30.99+00:00
Ergon Erik 20 Reputation points
accepted 2024-08-26T06:57:04.47+00:00
Ergon Erik 20 Reputation points
1 answer

AWS S3 bucket logs not ingesting to Microsoft Sentinel

I have configured the AWS S3 data connector in Microsoft Sentinel. Ref: https://video2.skills-academy.com/en-us/azure/sentinel/connect-aws?tabs=s3. I have created an S3 bucket and a Simple Queue Service queue as documented on the connector page. Furthermore, I have…

Microsoft Sentinel
asked 2024-08-06T11:51:09.73+00:00
Deep Thakkar 10 Reputation points
commented 2024-08-23T07:37:54.1566667+00:00
Deep Thakkar 10 Reputation points
1 answer One of the answers was accepted by the question author.

Data Connector to enable bidirectional sync between Microsoft Sentinel and Jira Service Management

Hi Team, Are there plans to make available a data connector to enable bidirectional sync between Microsoft Sentinel and Jira Service Management? It would be great to have the following features available for this connector: Auto-creation of tickets…

Microsoft Sentinel
asked 2022-03-24T09:57:43.69+00:00
Anand R Menon 291 Reputation points
commented 2024-08-23T04:04:06.16+00:00
Jithin Raj 0 Reputation points
1 answer

Explain how Defender for Endpoint alerts are combined into incidents

Hi there, In the Defender portal (Security.microsoft.com) you can see your Defender for Endpoint Incidents. Here's how I think Incident IDs work when alerts combine with other Incidents. Please correct me if I'm wrong and please suggest a link to…

Microsoft Sentinel
asked 2023-08-04T19:00:19.7533333+00:00
David Broggy 5,716 Reputation points MVP
commented 2024-08-21T08:45:59.9533333+00:00
Verheyen, Andre 0 Reputation points
1 answer One of the answers was accepted by the question author.

Issue with Sentinel Entra ID Connector

Hello, We have a Log Analytics Workspace that was moved to a different Azure subscription. One of the connectors that is configured is for Entra ID. I'm able to confirm that we're receiving Entra ID logs, but we've found an issue when trying to access…

Microsoft Sentinel
asked 2024-08-16T00:35:59.58+00:00
Richard Long 341 Reputation points
commented 2024-08-16T14:57:30.8566667+00:00
Richard Long 341 Reputation points
1 answer

Incorrect data in the Usage table

Hi folks, A few days ago I noticed an odd behavior in multiple environments. In these Sentinel instances we don't have any logs in the AzureDiagnostics table. But when I query the Usage table, it shows some data for the AzureDiagnostics DataType. So,…

Microsoft Sentinel
asked 2024-08-13T09:11:05.1833333+00:00
Sándor Tőkési 181 Reputation points
edited a comment 2024-08-16T06:45:11.2+00:00
Harini Arulazhagan 0 Reputation points Microsoft Vendor
2 answers

Mapping AWS CloudTrail log schema to Sentinel table columns

Is there a predefined mapping between the AWS CloudTrail log schema and the Sentinel table columns? Specifically, can you provide the schema mapping via the AWS S3 data connector?

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,196 questions
Microsoft Sentinel
asked 2024-07-30T14:19:43.6033333+00:00
LilianneChoy-1157 6 Reputation points
answered 2024-08-15T16:18:23.6533333+00:00
LilianneChoy-1157 6 Reputation points
1 answer One of the answers was accepted by the question author.

Has anyone managed to get IoCs (threat indicators) from Sentinel to Defender for Endpoint?

Currently I have some scripts running on a cron job that import IoCs to the Defender for Endpoint indicator list (this allows blocking on the endpoints). We have recently set up a Sentinel instance and it's pretty easy to add threat intel to Sentinel via a…

Microsoft Sentinel
Microsoft Defender for Endpoint Training
asked 2024-08-12T07:21:48.0933333+00:00
Nicholas Giannoulis 20 Reputation points
accepted 2024-08-14T06:31:26.0333333+00:00
Nicholas Giannoulis 20 Reputation points
2 answers One of the answers was accepted by the question author.

Need Cisco Meraki firewall logs on Sentinel

Want to get Cisco Meraki firewall logs on Sentinel. Kindly, can anybody share a complete flow, either in terms of documentation or as available? Because after searching a lot, I am still unable to find proper guidance to configure Meraki firewall logs on Microsoft…

Microsoft Sentinel
asked 2022-12-07T03:24:09.95+00:00
Syed Jaffar 26 Reputation points
commented 2024-08-13T16:13:18.7666667+00:00
Grote, Justin 11 Reputation points
0 answers

How to connect the Microsoft Defender XDR event logs using the API?

I'm currently working on a project to fully automate the deployment of a Microsoft Sentinel workspace. I already developed a working PowerShell script that uses the Microsoft.SecurityInsights API to install solutions from the content hub and enable the…

Microsoft Sentinel
asked 2024-08-12T14:32:30.4133333+00:00
Robbe Willeme 0 Reputation points
commented 2024-08-13T07:58:23.62+00:00
Givary-MSFT 32,311 Reputation points Microsoft Employee
1 answer

How to connect the Microsoft Defender XDR event logs using the API?

I'm currently working on a project to fully automate the deployment of a Microsoft Sentinel workspace. I already developed a working PowerShell script that uses the Microsoft.SecurityInsights API to install solutions from the content hub and enable the…

Microsoft Sentinel
asked 2024-08-12T14:28:02.2866667+00:00
Robbe Willeme 0 Reputation points
answered 2024-08-13T07:56:18.2433333+00:00
Givary-MSFT 32,311 Reputation points Microsoft Employee
0 answers

How to connect the Microsoft Defender XDR event logs using the API?

I'm currently working on automating the deployment of a Microsoft Sentinel workspace using PowerShell scripts. So far, I have successfully used the Microsoft.SecurityInsights API to install solutions and enable analytic rules. Now, I am looking to…

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,073 questions
Microsoft Sentinel
asked 2024-08-12T14:42:15.0433333+00:00
Robbe Willeme 0 Reputation points
0 answers

How to connect the Microsoft Defender XDR event logs using the API?

I'm currently working on a project to fully automate the deployment of a Microsoft Sentinel workspace. I already developed a working PowerShell script that uses the Microsoft.SecurityInsights API to install solutions from the content hub and enable the…

Azure API Management
Microsoft Sentinel
asked 2024-08-12T14:22:49.1466667+00:00
Robbe Willeme 0 Reputation points
0 answers

How to connect the Microsoft Defender XDR event logs using the API?

I'm currently working on a project to fully automate the deployment of a Microsoft Sentinel workspace. I already developed a working PowerShell script that uses the Microsoft.SecurityInsights API to install solutions from the content hub and enable the…

Azure API Management
Microsoft Sentinel
asked 2024-08-12T14:19:27.4333333+00:00
Robbe Willeme 0 Reputation points
1 answer

JumpCloud connector not in Sentinel

How can we connect it with Sentinel? I tried solutions available on GitHub but it seems to be having an issue: The Function app may be missing a module containing the 'New-AzStorageContext' command definition. If this command belongs to a module…

Microsoft Sentinel
asked 2024-08-08T10:36:36.6566667+00:00
Rahul Gupta 0 Reputation points
commented 2024-08-12T09:59:43.3433333+00:00
Givary-MSFT 32,311 Reputation points Microsoft Employee