Forum Discussion

fm1984's avatar
fm1984
Copper Contributor
Feb 07, 2020

Azure Sentinel with Lighthouse

We have deployed Azure Lighthouse to manage Azure Sentinel with Azure Sentinel Contributor and Azure Logic App Contributor roles.  we can access client's Sentinel. We've got a few incidents now. we ...
CliveWatson's avatar
CliveWatson
Icon for Microsoft rankMicrosoft
Feb 07, 2020
1. From which Log Analytics Table does that data come from, or which Alert (or is a custom one) is the Incident generated? Is it Signinlogs?
2. see #1
fm1984's avatar
fm1984
Copper Contributor
Feb 09, 2020

CliveWatson 

 

. From which Log Analytics Table does that data come from, or which Alert (or is a custom one) is the Incident generated? Is it Signinlogs?

 

this is an alert from Firewall related to Key vault access .  this is not custom one 

 

so my main issues are the i am using lighthouse to access customers sentinel and i can not see customers users when i want to assign an incident. so wondering if this is not possible at the moment or i need to do some role to do this.     

 

second is that when i investigate an incident I can not see the user name of the account involved in that incident. is this also related to the some permission.

  • lmpalermo's avatar
    lmpalermo
    Copper Contributor
    Jun 24, 2020

    fm1984 We are having the same with seeing the customer's user.  Have you found a role or another solution to solve this issue?

Resources