1,123 questions with Microsoft Sentinel tags

1 answer

Integrating Snowflake with Microsoft Sentinel

I need to integrate Snowflake with Microsoft Sentinel. What grants does the role need for this integration?

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,123 questions
asked 2024-08-07T14:08:46.7+00:00
Ali Salem Panah 0 Reputation points
answered 2024-08-12T08:50:42.5633333+00:00
Sandeep G-MSFT 18,766 Reputation points Microsoft Employee
0 answers

'Microsoft Community v2' in the SigninLogs Table

Hi all, would anyone be able to explain what 'Microsoft Community v2' is under AppDisplayName within the SigninLogs table in Sentinel? Does anyone know what this is used for and why it would be triggering failed sign-in attempts for users? Thanks,

Microsoft Sentinel
asked 2024-08-09T12:46:42.1166667+00:00
Steven Henwood 0 Reputation points
edited a comment 2024-08-09T14:18:51.3033333+00:00
Andrew Blumhardt 9,856 Reputation points Microsoft Employee
3 answers One of the answers was accepted by the question author.

Not able to connect the Sentinel data connector with Defender XDR

Hello, I was trying to connect the "Microsoft Defender XDR" connector with "Microsoft Sentinel", but I am facing the below error. I am not sure why Sentinel is not allowing me to establish the XDR connector. As I am the Owner of the…

Microsoft Sentinel
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
192 questions
asked 2024-05-08T12:07:43.2433333+00:00
Karan Bhatt 47 Reputation points
accepted 2024-08-09T09:22:01.3433333+00:00
Karan Bhatt 47 Reputation points
2 answers

Tenable Nessus Data Connector Not working on Microsoft Sentinel

Hello, good day. I deployed the Tenable Nessus data connector to Sentinel using the ARM template. I have gone over this setup several times without fail. All my settings are right. I even see the Function App and the other dependent components. Everything…

Microsoft Sentinel
asked 2024-08-05T11:25:30.8266667+00:00
Evidence Monday 0 Reputation points
answered 2024-08-08T22:24:34.21+00:00
Marilee Turscak-MSFT 36,821 Reputation points Microsoft Employee
3 answers

In Logic apps how to pass a single backslash (\) as string in another action?

Hello there, I am making a logic app which has one HTTP request action. Inside that HTTP body I want to pass a variable which has a string with a backslash. But when I tried, every single backslash was transformed into two backslashes. Can…

Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,087 questions
Microsoft Sentinel
asked 2022-07-14T04:33:25.483+00:00
Bharvi Bhut 181 Reputation points
answered 2024-08-08T20:57:44.18+00:00
Robert 0 Reputation points
1 answer One of the answers was accepted by the question author.

Does anybody know if or when a new Cisco Meraki connector that supports AMA for Sentinel will be published?

I would like to find out if Microsoft or Cisco are planning to release an updated Sentinel connector for Cisco Meraki that supports the AMA agent. Any idea when? Thanks

Microsoft Sentinel
asked 2024-03-08T02:00:05.3666667+00:00
AdamKlocek-3110 40 Reputation points
commented 2024-08-08T08:31:14.0266667+00:00
pemontto 0 Reputation points
1 answer One of the answers was accepted by the question author.

How to parse CSV data in Data Collection Rule?

Hello, I can parse CSV data with this KQL in LAW: parse_csv(RawData) However, when I use it in the Transform section of the Data Collection Rule, I get the following error: Update Error - Error occurred while compiling query in query:…

Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,174 questions
Microsoft Sentinel
asked 2024-08-06T23:24:13.02+00:00
Yusuf KUYRUKÇU 20 Reputation points
accepted 2024-08-08T05:50:55.8466667+00:00
Yusuf KUYRUKÇU 20 Reputation points
0 answers

PostgreSQL DB logs

I am trying to connect PostgreSQL DB Events to Microsoft Sentinel using the PostgreSQL Events built in data connector. All the configurations are done properly, heartbeat is there from the machine where this PostgreSQL is installed, but no logs. We are…

Microsoft Sentinel
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,371 questions
asked 2024-07-25T05:14:21.27+00:00
Praveen Ayyasamy 40 Reputation points
edited the question 2024-08-06T03:36:12.6933333+00:00
Givary-MSFT 32,311 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

Scaling your CI/CD pipeline - default parameter file is not being used

I am currently working on a CI/CD pipeline in combination with MS Sentinel content. I just got in touch with the repository and the process of handling parameter files. I am just asking myself why the default parameter file is not being used. All of my…

Microsoft Sentinel
asked 2024-07-16T09:17:24.5566667+00:00
Wagner Nico 20 Reputation points
accepted 2024-08-05T10:22:58.7566667+00:00
Wagner Nico 20 Reputation points
2 answers One of the answers was accepted by the question author.

Microsoft Sentinel, Azure Policy

I have a large number of Azure Databricks workspaces, and I need to integrate the Databricks audit logs into Sentinel. Currently there is no built-in data connector. Manually going to each Databricks workspace and adding diagnostic settings is not possible. There is an…

Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
868 questions
Microsoft Sentinel
asked 2024-07-25T05:11:00.2766667+00:00
Praveen Ayyasamy 40 Reputation points
accepted 2024-07-31T02:00:20.6666667+00:00
Praveen Ayyasamy 40 Reputation points
1 answer One of the answers was accepted by the question author.

How to ingest NetFlow into Sentinel

Is there a Sentinel connector for Cisco NetFlow ?

Microsoft Sentinel
asked 2024-07-18T13:32:34.2833333+00:00
Chad Hutchings 20 Reputation points Microsoft Employee
accepted 2024-07-30T13:35:08.76+00:00
Chad Hutchings 20 Reputation points Microsoft Employee
1 answer

A logic app Get-VirusTotalIPReport is not working

I am trying to automate IP enrichment using the VirusTotal API. I have set up a logic app and tied it to the respective analytics rule, but I am getting the following error. This is a test instance and we have only a few resources running on it.

Azure Logic Apps
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,241 questions
Microsoft Sentinel
asked 2024-07-30T11:07:58.4133333+00:00
Bhupender Singh 0 Reputation points
answered 2024-07-30T11:33:30.39+00:00
Sedat SALMAN 13,740 Reputation points
1 answer

Add Microsoft Sentinel to Log Analytics Workspace using Ansible

I am trying to create a Log Analytics Workspace with Microsoft Sentinel using Ansible following this module: https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_loganalyticsworkspace_module.html - name: Create a workspace…

Microsoft Sentinel
asked 2024-07-25T19:02:15.28+00:00
Ravalia Krutika Harishbhai 40 Reputation points
edited an answer 2024-07-29T12:28:00.28+00:00
Andrew Blumhardt 9,856 Reputation points Microsoft Employee
3 answers

Syslog through AMA connector not showing in the content hub list.

Hi, I am trying to set up syslog ingestion into Sentinel for testing. The setup consists of AMA on an on-prem syslog server. The legacy agent will soon no longer be supported, and the requirement for AMA on-prem, according to the Microsoft guides, is to have the following…

Microsoft Sentinel
asked 2024-06-03T09:40:15.5033333+00:00
Bl()e 25 Reputation points
answered 2024-07-29T10:15:01.2733333+00:00
Bl()e 25 Reputation points
3 answers

Microsoft Sentinel Threat Indicators API - nextLink returns same page

Hello, I have an issue where the nextLink is always returning the first page of the Threat Indicators in Sentinel. I'm using the following API-Uri to retrieve all Threat Indicators in a Sentinel Workspace…

Microsoft Sentinel
asked 2024-03-23T21:12:01.4666667+00:00
Benedict Schmieder 0 Reputation points
answered 2024-07-26T08:28:23.0733333+00:00
Fabian Bader 0 Reputation points
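The pagination failure described in the question above (nextLink handing back the first page again) is the kind of bug that turns a simple collector into an infinite loop. The following is an added example, not code from the question or from any answer on this page: a generic walker for Azure REST list responses of the form `{"value": [...], "nextLink": "..."}` that refuses to spin when the cursor repeats. The indicator URL, the `$skipToken` cursor format and the two in-memory "servers" are constructed assumptions used only so the code runs offline; in real use `fetch` would be a function that performs the authenticated GET and returns the decoded JSON body.

```python
# Added example (not part of the original question or any answer on this page).
# Walks an ARM-style paged list and stops cleanly if the service keeps serving the same page.
from typing import Callable, Dict, List, Optional, Tuple

Page = Dict[str, object]
Fetcher = Callable[[str], Page]  # takes a URL, returns the decoded JSON body

# Assumed shape of the Sentinel threat-indicator list endpoint; placeholders, not a real workspace.
FIRST_URL = (
    "https://management.azure.com/subscriptions/<sub>/resourceGroups/<rg>"
    "/providers/Microsoft.OperationalInsights/workspaces/<ws>"
    "/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators"
    "?api-version=2024-03-01"
)


class PaginationLoopError(RuntimeError):
    """The service handed back a nextLink or a page that was already consumed."""


def collect_indicators(first_url: str, fetch: Fetcher, max_pages: int = 1000) -> List[dict]:
    """Follow nextLink until it is absent; raise instead of looping on a repeating cursor."""
    seen_urls: set = set()
    seen_names: set = set()
    results: List[dict] = []
    url: Optional[str] = first_url
    pages = 0
    while url:
        if url in seen_urls:
            raise PaginationLoopError(f"nextLink repeated a URL already fetched: {url}")
        seen_urls.add(url)
        pages += 1
        if pages > max_pages:
            raise PaginationLoopError(f"exceeded page budget of {max_pages}")
        page = fetch(url)
        items = list(page.get("value", []))
        names = [item["name"] for item in items]  # ARM resources carry their id in 'name'
        if items and all(n in seen_names for n in names):
            # New cursor, but nothing new on it: the classic "nextLink returns page 1 again".
            raise PaginationLoopError("server returned a page of indicators already seen")
        for item in items:
            if item["name"] not in seen_names:
                seen_names.add(item["name"])
                results.append(item)
        url = page.get("nextLink")
    return results


def try_collect(first_url: str, fetch: Fetcher) -> Tuple[List[dict], Optional[str]]:
    """Wrapper for callers that prefer a result tuple: (items, None) or ([], error message)."""
    try:
        return collect_indicators(first_url, fetch), None
    except PaginationLoopError as exc:
        return [], str(exc)


def _page(names: List[str], next_url: Optional[str]) -> Page:
    """Build a constructed response page in the ARM list shape."""
    body: Page = {"value": [{"name": n, "properties": {"pattern": f"[ipv4-addr:value = '{n}']"}} for n in names]}
    if next_url:
        body["nextLink"] = next_url
    return body


PAGE2 = FIRST_URL + "&$skipToken=page2"  # constructed cursor values
PAGE3 = FIRST_URL + "&$skipToken=page3"

# Constructed healthy service: three pages, the last one without a nextLink.
GOOD_SERVER: Dict[str, Page] = {
    FIRST_URL: _page(["ind-1", "ind-2"], PAGE2),
    PAGE2: _page(["ind-3", "ind-4"], PAGE3),
    PAGE3: _page(["ind-5"], None),
}

# Constructed stuck service reproducing the symptom in the question:
# the cursor URL serves the first page again, carrying the same nextLink.
STUCK_SERVER: Dict[str, Page] = {
    FIRST_URL: _page(["ind-1", "ind-2"], PAGE2),
    PAGE2: _page(["ind-1", "ind-2"], PAGE2),
}


def good_fetch(url: str) -> Page:
    return GOOD_SERVER[url]


def stuck_fetch(url: str) -> Page:
    return STUCK_SERVER[url]


if __name__ == "__main__":
    items, err = try_collect(FIRST_URL, good_fetch)
    print(len(items), err)  # 5 None
    items, err = try_collect(FIRST_URL, stuck_fetch)
    print(len(items), err)  # 0 server returned a page of indicators already seen
```

Both guards matter: the URL set catches a cursor that literally repeats, while the name set catches a fresh-looking cursor that still returns rows already collected, which is what the question describes. The page budget is a last-resort ceiling so a misbehaving endpoint can never pin a scheduled job.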
1 answer

Trend Micro Deep Security Data Connector in AMA

I am deploying and configuring Sentinel for a new customer. To my surprise, today I found that the data connector used for the integration of Trend Micro Deep Security only supports integration via OMS/MMA. This agent will be decommissioned in August and I…

Microsoft Sentinel
asked 2024-07-19T09:56:51.57+00:00
Eduardo Vilar 0 Reputation points
commented 2024-07-26T03:12:57.3133333+00:00
Givary-MSFT 32,311 Reputation points Microsoft Employee
2 answers

Syslog through AMA (CEF) Connector

Hi, following up on my last question: https://video2.skills-academy.com/en-us/answers/questions/1690671/syslog-through-ama-connector-not-showing-in-the-co I have now installed Arc, and the machine is showing up in Azure Arc. The AMA is installed and is…

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,196 questions
Microsoft Sentinel
asked 2024-06-11T10:30:54.9766667+00:00
Bl()e 25 Reputation points
answered 2024-07-25T20:11:20.5233333+00:00
Kaspars Ročāns 10 Reputation points
1 answer

How to install Content Hub solutions via Bicep?

We are trying to deploy Sentinel as IaC and we'd like to install various Content Hub solutions via Bicep. We are getting no errors, and inside Content Hub we can see the solution is installed, but no connector is showing. Below is the Bicep I am…

Microsoft Sentinel
asked 2024-07-23T23:13:25.9533333+00:00
Matthew Jensen 20 Reputation points
answered 2024-07-24T17:34:01.4966667+00:00
Iheanacho Chukwu 745 Reputation points
1 answer One of the answers was accepted by the question author.

Trying to give a user rights to MS Sentinel but nothing else inside of Azure

Right now I am trying to give a user rights to MS Sentinel to customize it, but not give admin access to Azure. Here is what I have created so far, but I am still getting issues. { "properties": { "roleName": "MS Azure…

Microsoft Sentinel
asked 2024-07-24T10:27:54.5866667+00:00
Peter Wilcox 21 Reputation points
accepted 2024-07-24T12:28:54.46+00:00
Peter Wilcox 21 Reputation points
2 answers

Cloudflare Data Connector Error: `Provided WorkspaceResourceId is invalid (Code: BadRequest)`

I am trying to deploy the Cloudflare (preview) (using Azure Functions) Microsoft Sentinel data connector. I have installed the connector and selected the Option 1 - Deploy to Azure button. I have provided the following parameters: To obtain the App Insights…

Microsoft Sentinel
asked 2024-07-23T09:19:37.23+00:00
Ben Smith 0 Reputation points
answered 2024-07-24T10:59:55.67+00:00
Shweta Mathur 29,741 Reputation points Microsoft Employee