cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Office 365 connector

Skipster
Copper Contributor

‎Jun 01 2020 09:25 AM

‎Jun 01 2020 09:25 AM

Office 365 connector

Hello

 

I am able to connect Azure AD to Sentinel and i can see audit and log in data from Azure AD, however i am not getting any data from O365. I can connect O365 to Azure Sentinel but i dont see any data. When i look at the template i get the below error message . I have already tired deleting the O365 workbook and disconnecting the connector, and reconnecting it, but i still run into the same issue

 

"This query could not run because some parameters are not set.
Please set: Workload, UserType"

2,397 Views
0 Likes
7 Replies
Reply
7 Replies
Gary Bushey

‎Jun 01 2020 11:41 AM

‎Jun 01 2020 11:41 AM

Re: Office 365 connector

@Skipster The error is referring to the parameters drop down at the top of the workbook.  There is a TimeRange, Workload, and UserType drop down and all three will need to be set.

Preview file
26 KB
0 Likes
Reply
Skipster

‎Jun 01 2020 01:39 PM

‎Jun 01 2020 01:39 PM

Re: Office 365 connector

@Gary BusheyHi Gary

 

I dont have those options. See screen shotSentinel.PNG

0 Likes
Reply
Gary Bushey

‎Jun 01 2020 01:41 PM

‎Jun 01 2020 01:41 PM

Re: Office 365 connector

@Skipster They are the two drop downs that have the red dot next to them

0 Likes
Reply
Skipster

‎Jun 01 2020 02:40 PM

‎Jun 01 2020 02:40 PM

Re: Office 365 connector

@Gary BusheyUnderstood, however there is nothing to select in the drop down. It just says query failed

0 Likes
Reply
Gary Bushey

‎Jun 02 2020 06:22 AM - edited ‎Jun 02 2020 06:24 AM

‎Jun 02 2020 06:22 AM - edited ‎Jun 02 2020 06:24 AM

Re: Office 365 connector

@Skipster OK, now I get it.   Those drop downs are looking for the "OfficeActivity" table which brings you back to your original statement about not having the data.  Sorry for all the confusion.

 

BTW, deleting the workbook won't really do anything, it is the connector that is needed.  You said you have it connected and it states it is connected.  When you click on the Office 365 data connector, in the details pane on the right side, is there anything listed in the Data Received graph?

0 Likes
Reply
Skipster

‎Jun 02 2020 07:50 AM

‎Jun 02 2020 07:50 AM

Re: Office 365 connector

@Gary BusheyHi Gary. No, no data is listed in the "Data revived" pane

0 Likes
Reply
Gary Bushey

‎Jun 02 2020 08:14 AM

‎Jun 02 2020 08:14 AM

Re: Office 365 connector

@Skipster At this point you may need to open a ticket with MS to figure out what is going on.

0 Likes
Reply