Notifications about assigned incident in Azure Sentinel
Hi, I want to configure notifications about assigning an incident to a user. For example, I want to get an email alert any time an incident is assigned to me. Is it possible to configure this? Thank you in advance.
Dashboard on Key Risk Indicators
Hello, We have hosted our data center in Azure, which has multiple subscriptions, VNETs, VMs, WVD, PaaS databases etc. We have deployed Azure Sentinel and Security Center. I'm trying to accomplish the following insights in a single dashboard. 1) Sign on…
Office 365 ATP analytics rule for Azure Sentinel very slow to create incidents
Hello, I have a demo tenant that we are using to test monitoring of Office 365 ATP alerts in Azure Sentinel. We are using the standard analytics rule that generates an incident when an alert is generated in ATP. It takes HOURS between the time the…
Azure Sentinel (Log) Analytics (Workspace)
Dear Sir/Madam, Use Case: Deploying a fast solution for the Mitre Att&ck Framework analysis: https://github.com/BlueTeamLabs/sentinel-attack/wiki Solution we seek: Mass Enable Categories of the Analytics Templates (ask for select, or…
Sentinel KQL converting Epoch to normal DateTime
Hello, Is there an Azure Sentinel KQL that will allow me to take EPOCH time and display it as a normal DateTime such as 11/20/2020, 11:24:31.227 AM in a column as standard?
Azure Sentinel - Logic Apps - Provide Slack Webhook URL
Hi, How can we add an Azure Sentinel Logic App - Slack integration with a webhook provided? Authentication seems to be required by a Microsoft account for validation. We don't want that. The user is authenticated in the browser for Slack. Ideally,…
Secure Sentinel | Issues from Web Application \ Windows Application
Hello, We are using Azure Secure Sentinel on our Azure platform. We are setting up a data centre with Firewall, VNET, WVD, VM across subscriptions. On one of the Windows Server 2019 machines, we are going to host a Web Application, Web API & also a…
How to prev()
Hello! How do I use prev() to return only results of the same UserDisplayName of the current log? Running the search below gives unexpected output (negative time_between_logins) and the previous log seems to be tied to a different user. Any…
Azure Sentinel & Indegy - Data connection, custom queries
Can anyone share their experience integrating Azure Sentinel & Indegy, please!
Azure Pen Test
Hi, does Azure have available reports of its own Pen Test or Red Teaming tests?
Log analytics agent - disrupted internet connection
In the event that the log analytics agent fails to connect to Azure Sentinel (no/disrupted internet connection for example), will the LA Agent hold the logs whilst the connection is down and post to Sentinel when a connection is re-established? Or are…
Azure SecurityCenter
Hello All, What are the advantages of integrating (enabling) Azure Security Center with Sentinel? What kind of rules can we enable in Sentinel for Azure Security Center? Thank You Rohit
How to add in Sentinel a tenant from Office 365?
The options for MSPs and CSPs to add new tenants to their own Sentinel workspace seem to be a bit of a mystery, unless you are using Azure Lighthouse. This is a very common scenario, where the customer has only an Office 365 subscription and no other…
Windows Virtual Desktop Service | Secure Sentinel | Australia Region
Hello, We are using Azure for our data migration activities. As part of it, we are planning to use Windows Virtual Desktop \ Azure Sentinel. Based on the products available by region, I can see that Windows Virtual Desktop & Azure Sentinel is…
How to create a playbook in Azure Sentinel that detects, alerts, and removes email forwarding rule(s) from Office 365?
Hi All, I would like to know how to create an Azure Sentinel playbook that does the following: detects email forwarding rule(s) in Office 365; if there are any, deletes the forwarding rule(s); sends an alert email to the admin(s) regarding the…
Send AWS CloudWatch events to Azure Sentinel
Has anyone made it possible to send AWS CloudWatch events to Azure Sentinel? Can you please share your setup process?
Manage security alerts in M365 Security Center or Sentinel or separately?
I have some questions and would like to receive opinions that can contribute. I have the solutions in my environment and I'm in doubt about how to centralize everything. I have Azure Sentinel receiving Defender ATP, MCASB, Azure ATP,…
PowerShell Script to add connectors to Azure Sentinel
Hi Team, Is there any way to automate the process (PowerShell or JSON scripts/code) of adding the following data connectors to Sentinel: Azure Active Directory, Azure Activity, Azure Security Centre, Security Events. I did not find any commands/code…
Sentinel 'Events and alerts over time' graph
Hi all, Let me start by thanking you in advance and being honest that I am very new to Sentinel. I've deployed a few Windows Firewall Data Connectors over the past few hours. However, the graph under the 'Workspace' for these machines looks odd.…
Azure Sentinel - Active Directory Connector shows different info about log-ins than Azure Active Directory log-ins
Yesterday I chatted with a Microsoft support engineer via the "new support request" in our Log Analytics workspace. The engineer suggested that I write a question here. My issue is: when I go to my Azure Active Directory >…