Integrating Snowflake with Microsoft Sentinel
I need to integrate Snowflake with Microsoft Sentinel. What grants does the role need for this integration?
'Microsoft Community v2' in the SigninLogs Table
Hi all, would anyone be able to explain what 'Microsoft Community v2' is under the AppDisplayName within the SigninLogs table in Sentinel? Does anyone know what this is used for and why it would trigger failed sign-in attempts for users? Thanks,
Not allowed to connect Sentinel Data connector with Defender XDR
Hello, I was trying to connect the "Microsoft Defender XDR" connector with "Microsoft Sentinel", but I am facing the below error. I am not sure why Sentinel is not allowing me to establish the XDR connector. As I am the Owner of the…
Tenable Nessus Data Connector Not working on Microsoft Sentinel
Hello, good day. I deployed the Tenable Nessus Data connector to Sentinel using the ARM Template. I have gone over this setup several times without fail. All my settings are right. I can even see the Function App and other dependent components. Everything…
In Logic apps how to pass a single backslash (\) as string in another action?
Hello there, I am making a logic app which has one HTTP request action. Inside that HTTP body I want to pass a variable which has a string with a backslash. But when I tried, every single backslash was transformed into two backslashes. Can…
Does anybody know if or when a new Cisco Meraki connector that supports AMA for Sentinel will be published?
I would like to find out if Microsoft or Cisco are planning to release an updated connector for Sentinel for Cisco Meraki to support the AMA agent. Any idea when? Thanks
How to parse CSV data in Data Collection Rule?
Hello, I can parse CSV data with this KQL in LAW: parse_csv(RawData) However, when I use it in the Transform section of the Data Collection Rule, I get the following error: Update Error - Error occurred while compiling query in query:…
PostgreSQL DB logs
I am trying to connect PostgreSQL DB Events to Microsoft Sentinel using the PostgreSQL Events built in data connector. All the configurations are done properly, heartbeat is there from the machine where this PostgreSQL is installed, but no logs. We are…
Scaling your CICD pipeline - Default parameter file is not being used
I am currently working on a CICD pipeline in combination with MS Sentinel content. I just got in touch with the repository and the process of handling parameter files. I am just asking myself why the default parameter file is not being used. All of my…
Microsoft Sentinel, Azure Policy
I have a large number of Azure Databricks workspaces, and I need to integrate the audit logs of Databricks into Sentinel. Currently there is no built-in Data Connector. Manually going to each Databricks workspace and adding Diagnostic settings is not possible. There is an…
How to ingest NetFlow into Sentinel
Is there a Sentinel connector for Cisco NetFlow?
A logic app Get-VirusTotalIPReport is not working
I am trying to automate IP enrichment using the VirusTotal API. I have set up a logic app and tied it to the respective analytics rule, but I am getting the following error. This is a test instance and we have only a few resources running on it.
Add Microsoft Sentinel to Log Analytics Workspace using Ansible
I am trying to create a Log Analytics Workspace with Microsoft Sentinel using Ansible following this module: https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_loganalyticsworkspace_module.html - name: Create a workspace…
Syslog through AMA connector not showing in the content hub list.
Hi, I am trying to set up syslog ingestion into Sentinel for testing. The setup consists of AMA on an on-prem syslog server. The legacy agent will soon not be supported, and the requirement for AMA on-prem, according to Microsoft guides, is to have the following…
Microsoft Sentinel Threat Indicators API - nextLink returns same page
Hello, I have an issue where the nextLink is always returning the first page of the Threat Indicators in Sentinel. I'm using the following API-Uri to retrieve all Threat Indicators in a Sentinel Workspace…
Trend Micro Deep Security Data Connector in AMA
I am deploying and configuring Sentinel for a new customer. To my surprise, today I found that the data connector used for the integration of Trend Micro Deep Security only supports integration via OMS/MMA. This agent will be decommissioned in August and I…
Syslog through AMA (CEF) Connector
Hi, following up on my last question: https://video2.skills-academy.com/en-us/answers/questions/1690671/syslog-through-ama-connector-not-showing-in-the-co I have now installed Arc, and the machine is showing up in Azure Arc. The AMA is installed and is…
How to install Content Hub solutions via Bicep?
We are trying to deploy Sentinel as IaC and we'd like to install various Content Hub solutions via Bicep. We are getting no errors, and inside Content Hub we can see the solution is installed, but no connector is showing. Below is the Bicep I am…
Trying to give a user rights to MS Sentinel but nothing else inside of Azure
Right now I am trying to give a user rights to MS Sentinel to customize it but not give admin access to Azure. Here is what I have created so far, but I am still getting issues. { "properties": { "roleName": "MS Azure…
Cloudflare Data Connector Error: `Provided WorkspaceResourceId is invalid (Code: BadRequest)`
I am trying to deploy the Cloudflare (preview) (using Azure Functions) Microsoft Sentinel Data Connector. I have installed the connector and selected the Option 1 - Deploy to Azure button. I have provided the following parameters: To obtain the App Insights…