0 Votes
EnterpriseArchitect asked vipulsparsh-MSFT commented

Unable to see built-in logs in Azure Sentinel workspace?

According to https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/:

Azure Activity Logs, Office 365 Audit Logs (all SharePoint activity and Exchange admin activity) and alerts from Microsoft Defender products (Azure Defender, Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint), Azure Security Center, Microsoft Cloud App Security, and Azure Information Protection can be ingested at no additional cost into both Azure Sentinel, and Azure Monitor Log Analytics.

But I do not see it under the newly created workspace?
Am I missing something here?

azure-sentinel

1 Answer

1 Vote
vipulsparsh-MSFT answered vipulsparsh-MSFT commented

@EnterpriseArchitect Thanks for reaching out. Normally there might be a delay of 24 hours until you see the logs after adding the corresponding sources under connectors in Azure Sentinel.

If you have added the connectors recently, please wait.
If you have added the connectors more than 24 - 48 hours back, let us know.

Here is a sample of how you can add the AAD logs to Sentinel:
82659-image.png

A similar connector needs to be added for Office 365 and the other Defenders.


Hi @vipulsparsh-MSFT, thank you for the reply.
So which connector can I add that does not incur the additional monthly cost?

0 Votes