Inquiry Regarding Multiple 4624 Event ID Logs for Single User Login
Hello Team, I am reaching out to inquire about a matter related to our Windows Security logs. Specifically, we have observed multiple instances of Event ID 4624 being logged for a single user login event in the Security Events table. As part of our…
Error upon setting up playbook.
I am using this guide to set up a playbook for the Alien Vault OTX. However, I get the following error message when I try to save the logic - "Workflow validation failed for the workflow ''.…
The query behind the Sentinel Open | New | Active incident widget
Hi, We are trying to figure out what query produces the following numbers in Sentinel. We've been trying to produce the same numbers using the SecurityIncident and SecurityAlert tables, but the number of incidents is much lower than shown here. I'm…
How to add a function app for azure workbook and sentinel solution
Hi, I am working on contributing to an Azure Sentinel solution in GitHub. My solution contains a data connector and workbooks. Now, I want to add a workbook that talks to a custom endpoint. In this case, the custom endpoint is a function app http…
30 day challenge for security operations analyst cert module numbers inconsistent
I am doing the 30 day challenge for sc-200 Security Operations Analyst. I have done the 53 modules stated in the challenge, however, my status says 53 of 54 modules completed. I have no info how to get to the 54th module if it exists! URL:…
Error while setting up SMTP Email V3 connection
Hi Team, I am configuring an SMTP connection and getting the below error: Failed to create connection: { "error": { "code": 502, "source": "logic-apis-easteurope.azure-apim.net", "clientRequestId": "",…
How to audit the creator of an Enterprise Application in Azure
Hi, I'm trying to get the creator of an "Enterprise Application" as soon as someone creates one, using the query below. AuditLogs | where Category =~ "ApplicationManagement" | where OperationName =~ "Add application" | mv-expand…
Retention and archiving cost of non-billable tables
Hey folks I see MS updated this page a few months ago: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-3%2Cportal-1%2Cportal-2#pricing-model This part has been added to the documentation: "Log data…
Missing permission 'Microsoft.OperationsManagement/register/action' on scope '/subscriptions/8c507d2e-37ef-4ae1-864f-fd05f45b3cdb' is required to add Microsoft Sentinel to the selected workspace
Hi, I'm facing a problem when I try to subscribe to Microsoft Sentinel. When I try to add Microsoft Sentinel to my desired workspace, this notification pops up. I do have the Owner and Security Administrator permissions. Can someone please enlighten me…
How to optimize amount of data sent via LogsIngestionClient.upload operation
Hi, I am using the logs ingestion client in Python to upload data. My use case is to read messages off of AWS SQS and build payloads that can be sent via the LogsIngestionClient client. I built a simple timer trigger function app that reads AWS SQS for new…
How are github links created/referenced in function app
I am finding it difficult to understand how these links are generated. https://aka.ms/sentinel-ApigeeXDataConnector-azuredeploy https://aka.ms/sentinel-ApigeeXDataConnector-functionapp I am building a similar function app JSON for my solution, and I…
Can I create a playbook in Microsoft Sentinel that is able to disable a compromised hybrid user account whose authentication authority is an on-premises Active Directory Domain controller?
I would like to create a playbook that disables a compromised account. The account is synchronised from an on-premises Active Directory Domain Controller. Synchronisation to Microsoft Entra ID is through Microsoft Entra Connect Sync. Password hash…
KQL validation is failing locally
I ran dotnet test as per https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally [xUnit.net 00:00:00.41] Exception discovering tests from Kqlvalidations.Tests: System.BadImageFormatException: Could not load file or assembly…
Sentinel Smart Deployment cannot push csv file to Azure DevOps
When I deploy content to Sentinel using Azure DevOps, the content deploys successfully, but when smart deployment is enabled, it cannot push the CSV tracking file to the Azure Repo, with the error [Warning] API call failed:…
Is there any Oracle logs parser for Azure Sentinel? We are not using Oracle Unified Agent
Threat Intelligence Sharing
Hi all, Is it possible to use threat intelligence from a third-party solution with Microsoft Sentinel? And if possible, how would you connect them? Custom connectors? Regards,
Closure Comments getting wiped out from Sentinel Incidents
Hi, We have observed that closure comments updated on Sentinel incidents are getting wiped out after some time. This issue is observed for some of the alerts detected by Microsoft Defender. Only the closure classification remains in the incident activity…
This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix.
Applied skills Name: Deploy containers by using Azure Kubernetes Service Issue: This assessment is currently disabled due to a technical issue. Explore our other Applied Skills while we work on a fix.
Azure Active Directory data connector missing
Hello all, Something that I've done on the regular has stopped working. Before reaching out to support, I'm wondering if settings have just moved somewhere. Basically, I'm trying to add the Azure Active Directory data connector to a Sentinel instance. Usually…
This offer is not available for subscriptions from Microsoft Azure Cloud Solution Providers
Hello There, In the latest Sentinel news, a new solution has appeared which is in preview. I would like to ask a question regarding the deployment of this solution. In Sentinel there is a new option below Content Management called Content Hub, and…