Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,205 questions
0 answers
How to find out which of several authenticators was used in a sign-in?
We are using MFA with Microsoft Authenticator for user sign-ins to our tenant. Many of our users have registered more than one Microsoft Authenticator instance. Sometimes this is deliberate, in order to have a backup in case the primary smartphone is…
asked 2025-01-13T13:20:23.8366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 33%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Tilman Schmidt
40
Reputation points
commented 2025-01-16T16:53:22.88+00:00
Tilman Schmidt
40
Reputation points
0 answers
Integrate Azure Purview to Azure Sentinel
Hello, I would like to integrate my Azure Purview with Azure Sentinel. I have followed the steps described in the official documentation at this "https://zcusa.951200.xyz/en-us/purview/register-scan-azure-blob-storage-source" link. However,…
asked 2025-01-15T03:24:53.6266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 4%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Muhammad Rifqi Prasetyo
0
Reputation points
commented 2025-01-16T11:19:46.61+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 8%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)
Smaran Thoomu
19,130
Reputation points Microsoft Vendor
0 answers
Has anyone tried correlating Prisma threat logs with Microsoft Events before?
We are trying to correlate our threat logs with any Microsoft events that could be related to it. It would help us enrich the alerts. Has anyone done it before? Does Microsoft have templates on it? Our current setup is, we have custom threat logs from…
asked 2025-01-16T04:16:31.1666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 26%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVI%3C/text%3E%3C/svg%3E)
Vince Ian Cruz
0
Reputation points
edited the question 2025-01-16T09:23:29.75+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 76%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
VarunTha
10,850
Reputation points Microsoft Vendor
1 answer
How do you stop duplicate CEF and Syslog entries with the new Azure Monitor Agent
Hi there, I have the new Azure Monitor Agent for Linux installed and have created and run the new Data Collection Rule set without issue. I now have CEF and Syslog coming through but want to filter out CEF from Syslog. In /etc/rsyslog.d I created a new…
asked 2023-09-14T14:29:40.56+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 1%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELC%3C/text%3E%3C/svg%3E)
Lloyd Carnie
5
Reputation points
commented 2025-01-16T03:14:11.3266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 28.999999999999996%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Roger Spraggon
0
Reputation points
0 answers
AWS GuardDuty integration Issue with Sentinel
Hi Support Team I wanted to integrate GuardDuty with Sentinel, so I followed the instructions in this link my connector is connected successfully, but I am still not receiving any logs in the AWSGuardduty table in Sentinel. would you please someone tell…
asked 2025-01-15T12:56:11.94+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 3%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Ali Salem Panah
20
Reputation points
asked 2025-01-15T12:56:11.94+00:00
Ali Salem Panah
20
Reputation points
0 answers
Microsoft Sentinel: System Assigned Managed Identity can't find location
I'm trying to connect Azure Activity to Microsoft Sentinel. It requires creating a Managed Identity. When creating a System Assigned Managed Identity, a location is required but there's no location options to select. Any idea what could be causing this?…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 56.00000000000001%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
1 answer
How to connect Azure Activity data connector in Sentinel
Hello, I am having trouble connecting the Data Connectors in Sentinel. The instructions in Microsoft Learn differ from what I observe in Sentinel, but here is what I have done thus far: I have installed the Azure Activity Data Connector from the Content…
asked 2025-01-10T20:39:41.94+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 85%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Ty
0
Reputation points
answered 2025-01-13T09:49:33.23+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT
34,871
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Disable pop-ups in Azure Sentinel
Hello, I’ve been working with Azure Sentinel for about a year now. Some months ago, Azure introduced a pop-up that appears whenever I have a KQL query open and attempt to close the browser tab or press X. This has become extremely frustrating. I simply…
asked 2025-01-04T06:14:30.7033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 62%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAH%3C/text%3E%3C/svg%3E)
Albert Hardvendel
20
Reputation points
accepted 2025-01-11T06:28:46.48+00:00
Albert Hardvendel
20
Reputation points
1 answer
Netskope Data Connector (using Azure Functions) Disconnected
Upon completion of all the configurations provided and making sure Netskope API token is valid. The data connector is still disconnected. Tried running the Trigger playbook and it triggered successfully but still the connector is disconnected.
asked 2025-01-10T02:56:44.5466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 79%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Reigan Arcilla
0
Reputation points
answered 2025-01-10T06:06:49.3533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Raja Pothuraju
10,935
Reputation points Microsoft Vendor
1 answer
Summary rules - Limit on total aggregated size
Folks, I'm trying to use summary rules to aggregate firewall logs. There's a hard size limit from MS per result of 100 MB which I think is not up to the mark for firewall logs. While summarizing I'm creating two sets and grouping by 7 other fields (I…
asked 2024-12-19T14:16:00.4066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 99%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
Khanna, Keshav
20
Reputation points
edited an answer 2025-01-08T16:55:49.2133333+00:00
Raja Pothuraju
10,935
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Defender for Endpoint Vulnerability Management Browser Extensions not populating
We recently started a trial of the Defender Vulnerability Management add-on and applied the licenses to our users. Everything seems to be working fine, but unfortunately on a small handful of the browser extensions and hardware information are…
asked 2025-01-07T21:04:33.3333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 31%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGZ%3C/text%3E%3C/svg%3E)
George Zerphey
176
Reputation points
accepted 2025-01-08T13:33:50.9333333+00:00
George Zerphey
176
Reputation points
1 answer
One of the answers was accepted by the question author.
can we able to transfer the security event logs of windows server of one resource group to an log analytics workspace (Microsoft Sentinel) which is deployed with other resource group
can we able to transfer the security event logs of windows server of one resource group to an log analytics workspace (Microsoft Sentinel) which is deployed with other resource group
asked 2025-01-07T14:49:37.18+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 8%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKC%3C/text%3E%3C/svg%3E)
K, Chandrashekharmurthy
20
Reputation points
accepted 2025-01-08T13:18:14.6066667+00:00
K, Chandrashekharmurthy
20
Reputation points
1 answer
How to integrate paloalto firewall on-premises and cloud with Microsoft sentinel step by step
How to integrate paloalto firewall on-premises and cloud with Microsoft sentinel step by step
asked 2024-12-15T09:21:08.1633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 57.00000000000001%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
suraj hirekudi
0
Reputation points
commented 2025-01-02T09:42:01.0933333+00:00
Givary-MSFT
34,871
Reputation points Microsoft Employee
1 answer
I cannot Login to Sentinel. All other admin portals work fine.
get this error everytime I logged in. I tried clearing cookies, cache, Incognito mode. Nothing works.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 39%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
1 answer
How to purchase sentinel?
How to purchase Microsoft sentinel or where I can buy it?
asked 2024-12-02T18:10:08.23+00:00
emir goenaga
0
Reputation points
commented 2025-01-02T07:38:51.8+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sandeep G-MSFT
20,371
Reputation points Microsoft Employee
0 answers
Tasks-Details of the Tasks missing in SecurityIncident table
The Tasks added to an Incident don't have the Details (text added to the Task except the Title) in the SecurityIncident table or any other Table. Where can we find these details?
asked 2024-12-28T21:12:16.1766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 45%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
Grace A
1
Reputation point
commented 2025-01-02T06:40:47.3433333+00:00
Givary-MSFT
34,871
Reputation points Microsoft Employee
1 answer
Microsoft Sentinel for SAP - No Audit Log Data - other data is visible
Hello all, we have a strange issue - we dont receive AUDIT LOG data in MS Sentinel for SAP - other data is successfully transferred: SM19/SM20 is activated with content on SAP side (checked:…
asked 2024-12-19T15:58:21.38+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 80%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGF%3C/text%3E%3C/svg%3E)
Gabel, Felix
20
Reputation points
commented 2024-12-27T09:32:27.2033333+00:00
Givary-MSFT
34,871
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
How to check the azure sentinel health for all the workspace in my organization?
Can someone help on how to check the sentinel status across all the workspace in organization?
asked 2024-12-20T09:36:28.5433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 63%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Avinash Bisoi
20
Reputation points
accepted 2024-12-24T09:18:09.9566667+00:00
Avinash Bisoi
20
Reputation points
2 answers
One of the answers was accepted by the question author.
Summary rules - showing 404
I can no longer view summary rules. When I click on Summary rules it shows an error "NOT FOUND" Anybody noticed this lately? It was working pretty well before 5th of December.
asked 2024-12-09T11:03:30.0666667+00:00
Khanna, Keshav
20
Reputation points
commented 2024-12-23T11:02:23.46+00:00
Khanna, Keshav
20
Reputation points
1 answer
One of the answers was accepted by the question author.
Mismatch in amount of data received in logs analytics workspace and DCR metrics
I have defined a data collection rule and am using logs ingestion api to send data to 2 custom tables. I have defined diagnostic settings for the DCR such that error logs are sent to logs analytics workspace. For about an hour, I have events ingested…
asked 2024-03-28T07:47:47.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 88%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Ashwin Venkatesha
230
Reputation points
edited the question 2024-12-22T13:24:38.7033333+00:00
TP
101.9K
Reputation points