Azure Sentinel - Active Directory Connector shows different info about log-ins than Azure Active Directory logs in
Yesterday I chatted with a Microsoft support engineer from the "new support request" in our Log Analytics workspace. The engineer suggested that I write a question here. My issue is: when I go to my Azure Active Directory >…
Email/Phone Indicators in Account Entity Types
Hi there, as Sentinel supports only four entity types (1. Account, 2. IP, 3. Host, 4. URL), can we use an email or phone number in the logs and map it to the Account entity type?
Behavior Analytics
Hello all, can anyone kindly give me some details about behavior analytics? If I enable it, what is the benefit of this service? Is it chargeable?
Possible query to filter data from PCAP in Sentinel
What would be a possible query to capture the PCAP data in Sentinel?
Can Azure Sentinel be used for any scenario when we migrate data from ADLS Gen1 to Gen2?
We are using Data Factory to migrate data (mostly files in the form of Parquet) from ADLS Gen1 to ADLS Gen2. I am aware that Azure Sentinel can be used for threat detection, protection, etc. using the incidents raised. But can this be used only for this data…
creating additional/custom fields in "CommonSecurityLog" currently stored as e.g. "DeviceCustomString1"
Hi, how can we create additional fields for logs being processed in "CommonSecurityLog" (https://video2.skills-academy.com/en-us/azure/azure-monitor/reference/tables/commonsecuritylog)? At the moment incoming data gets mapped to fields…
Turning off Azure Security Centre to cut monthly operations cost
How much does Azure Security Centre access cost per month? My security team has already deployed IBM QRadar SIEM and wants to cut the cost of operating the Azure cloud, hence I wonder: how much does it cost monthly to run Azure Security…
How to get the Network Security Group (NSG) logs into Azure Sentinel
Hello, I have Azure Sentinel. Kindly suggest the steps for forwarding the NSG (Azure Firewall) logs to Sentinel. Regards, Chandan Prajapati
Windows Firewall
Hello all, kindly suggest how to get the Windows Firewall logs into Sentinel. Thank you
Is it possible to display Sentinel Incidents and Alerts within Azure Dashboards
Hi, I am wondering if I can query the SecurityAlert logs within a dashboard query? I find the workbooks and the Sentinel Overview screen are not ideal as a dashboard screen and want to have it all in dashboards.
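As an added example (not part of the original post, and not Microsoft's own content), the two Log Analytics queries below are the kind a dashboard tile can be built from: run each in the Logs blade of the workspace and use "Pin to dashboard" on the result. They assume the Sentinel tables SecurityIncident and SecurityAlert are present in the workspace; the column names are taken from those tables' schemas.

```kql
// Added example (not from the original post). Assumes the workspace has the
// Azure Sentinel tables SecurityIncident and SecurityAlert.

// Query 1: open incidents by severity.
// SecurityIncident keeps one row per incident *update*, so an incident that was
// opened as High and later closed has several rows. Take the latest row per
// IncidentNumber first, otherwise closed incidents are still counted as open.
SecurityIncident
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| where Status != "Closed"
| summarize Incidents = count() by Severity
| order by Incidents desc

// Query 2 (run separately): alerts from the last 24 hours by product and severity.
// The same alert can be ingested more than once; SystemAlertId is stable per
// alert, so deduplicate on it before counting.
SecurityAlert
| where TimeGenerated > ago(24h)
| summarize arg_max(TimeGenerated, *) by SystemAlertId
| summarize Alerts = count() by ProductName, AlertSeverity
| order by Alerts desc
```

The dedup steps are the part people usually miss: a tile that simply counts rows in SecurityIncident or SecurityAlert over-reports, and the numbers will not match the Sentinel Incidents blade.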
What's the best way to get on-premise Domain Controller Logs into Sentinel?
I'm working to get logs from an on-prem server into Sentinel. Really all I need is visibility into what's going on, and some route to respond to threats, so it doesn't necessarily have to be Sentinel, but that's what I've been using so far to monitor Azure…
NSG logs to Sentinel
Hello, can anyone provide me the exact process/docs/link for how to enable Azure Firewall (NSG) to Sentinel, or how to see the (Azure Firewall) NSG logs in Sentinel? Thanks, Rohit
Where is the appliance name/IP when sending FortiGate (CEF) logs to Sentinel?
I have two different FortiGates that stream logs to a CEF collector (Linux OMS agent). The agent relays the info to a Log Analytics workspace that has Azure Sentinel, and it does process them. When querying the logs I do not have a way to know from which…
Getting a 500 error when creating an Office 365 data connector by using the Azure API
Hello, I'm trying to replicate this example and I'm getting a 500 error. Has anybody faced this same issue before? …
Is it possible to create an alert in Azure Sentinel for when a data source stops feeding logs?
I am trying to create an alert query that will let me know if a specific source has not provided logs within 7 days, but I am not sure what syntax would allow for this. It is simple to find entries older than 7 days, but is it possible to alert if…
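As an added example (not part of the original post, and not Microsoft's own content), the query below flags expected data sources that have gone silent. The trap with "last seen" queries is that a source which has sent nothing at all inside the rule's lookback window produces no row to alert on; joining a fixed list of expected sources against what was actually seen makes those show up too. The three table names in the expected list are an assumption for illustration; replace them with the sources you care about.

```kql
// Added example (not from the original post). The expected-source list and the
// 7-day threshold are assumptions; adjust both to the environment.
let threshold = 7d;
let lookback = 14d;   // scheduled analytics rules can look back at most 14 days
// Sources that must keep sending. A source can appear here even if it never
// produced a row, so a dead feed still gets reported.
let expected = datatable(SourceTable:string) [
    "CommonSecurityLog",
    "SecurityEvent",
    "Syslog"
];
// Latest row per table within the lookback window. union withsource= tags each
// row with the table it came from.
let seen = union withsource=SourceTable CommonSecurityLog, SecurityEvent, Syslog
    | where TimeGenerated > ago(lookback)
    | summarize LastSeen = max(TimeGenerated) by SourceTable;
expected
| join kind=leftouter seen on SourceTable
// leftouter keeps expected sources with no match; LastSeen is null for them.
| where isnull(LastSeen) or LastSeen < ago(threshold)
| extend SilentFor = iff(isnull(LastSeen), timespan(null), now() - LastSeen)
| project SourceTable, LastSeen, SilentFor
```

Turn this into a scheduled analytics rule that runs once a day with a 14-day lookback and fires when the result count is greater than 0. The same pattern works per device instead of per table: summarize by Computer (or DeviceVendor/DeviceProduct for CEF) and list the expected hosts in the datatable.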
AI for Covid19
In today's Covid-19 crisis, AI will definitely be a key element to be used to further enhance humanity and the health of the world. What would be the best technology to be used?
Looking for a sample event that triggers when one of the existing users has been assigned with "global admin privilege" in office 365
On the SIEM solution (e.g. Azure Sentinel), I am looking to create a correlation rule that will use the event that gets generated when one of the existing users has been assigned the 'global admin' privileges. As I do not have any such instances from…
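As an added example (not part of the original post, and not Microsoft's own content), the detection below is the shape of the rule the poster is after. The role assignment for a Microsoft 365 / Azure AD tenant is recorded in the Azure AD audit log, which lands in the AuditLogs table when the Azure Active Directory connector is enabled. The field layout (OperationName, TargetResources[].modifiedProperties with displayName "Role.DisplayName", the JSON-quoted newValue, and InitiatedBy.user.userPrincipalName) is as I recall it from that table's schema and should be checked against a live row before the rule goes into production; the older tenant-internal name "Company Administrator" is included because some tenants still log it.

```kql
// Added example (not from the original post). Field paths are assumptions based
// on the AuditLogs schema; verify against a real "Add member to role" row.
AuditLogs
| where OperationName == "Add member to role"
| where Result == "success"
// One audit row can carry several target resources; expand to one per row.
| mv-expand TargetResource = TargetResources
| where tostring(TargetResource.type) == "User"
| mv-expand ModifiedProperty = TargetResource.modifiedProperties
| where tostring(ModifiedProperty.displayName) == "Role.DisplayName"
// newValue is a JSON-encoded string, e.g. "\"Global Administrator\"", so strip the quotes.
| extend RoleName = trim('"', tostring(ModifiedProperty.newValue))
| where RoleName in ("Global Administrator", "Company Administrator")
| extend
    Actor  = tostring(InitiatedBy.user.userPrincipalName),
    ActorIp = tostring(InitiatedBy.user.ipAddress),
    Target = tostring(TargetResource.userPrincipalName)
| project TimeGenerated, Actor, ActorIp, Target, RoleName, CorrelationId
```

For the rule itself, map Actor and Target to Account entities and ActorIp to an IP entity, and group alerts by CorrelationId so a single assignment does not produce several incidents. Since the poster has no real instances to test with, assigning the role to a test account in a non-production tenant and querying AuditLogs for the resulting row is the quickest way to confirm the field paths.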
What happens after free trial for Azure Sentinel expires and what are the trial limits?
Our client wants to try the trial version of Azure Sentinel and is curious what happens after the free trial expires: for example, will he lose access to all features, will he have access to partial free features, or will he have access but pay per usage? …
Will Azure Sentinel integrate with my organization’s existing tools?
Will Azure Sentinel integrate with my organization’s existing tools? [Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: Azure Sentinel
What are “Incidents” in Azure Sentinel and how are they different from alerts?
What does it mean when I see a list of new and open incidents in Azure Sentinel? What are incidents in Azure Sentinel and how are they different from alerts? [Note: As we migrate from MSDN, this question has been posted by an Azure Cloud…