cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

TiIndicators not showing up in ThreatIntelligenceIndicator Logs

%3CLINGO-SUB%20id%3D%22lingo-sub-1507418%22%20slang%3D%22en-US%22%3ETiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1507418%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20seems%20that%20around%20July%202nd%2C%20%3CSPAN%3E7%2F2%2F2020%2C%209%3A17%3A26.272%20PM%20UTC%3C%2FSPAN%3E%2C%20all%20of%20our%20custom%20TiIndicators%20stopped%20showing%20up%20in%20our%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3EThreatIntelligenceIndicator%20logs.%20All%20of%20the%20logic%20apps%20are%20running%20successfully%20and%20POSTing%20to%20the%20SecGraphApi%20-%20with%20the%20correct%20responses.%20We%20can%20also%20send%20a%20GET%20to%20the%20API%20with%20the%20newly%20created%20TiIndicator%20ID%20and%20verify%20that%20the%20indicator%20exists.%20When%20searching%20the%20logs%20we%20are%20not%20seeing%20anything%2C%20however.%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EThe%20indicators%20retrieved%20by%20the%20built%20in%20TAXII%20data%20connector%20are%20still%20in%20the%20logs.%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EWe%20have%20tested%20this%20with%20the%20standard%20POST%20method%20the%20to%20API%20as%20well%20as%20the%20new%20MS%20Graph%20Security%20-%26nbsp%3B%20Create%20TiIndicator%2FCreate%20Multiple%20TiIndicator%20actions%20in%20the%20LogicApps.%20We%20have%20also%20tested%20in%20a%20separate%20tenant.%26nbsp%3B%20%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1507941%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1507941%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F552625%22%20target%3D%22_blank%22%3E%40JBUB_Arbala%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENot%20sure%20who%20put%20this%20fix%20in%2C%20but%20we%20are%20seeing%20positive%20results%20now%20in%20both%20tenants.%20Nothing%20changed%20on%20our%20end.%20Any%20post-fix%20info%20would%20be%20great.%20Thanks%20again%20MS%20Sentinel%20Team!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1517287%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1517287%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F552625%22%20target%3D%22_blank%22%3E%40JBUB_Arbala%3C%2FA%3E%20%3A%20While%20we%20monitor%20for%20issues%20and%20try%20to%20preempt%2C%20I%20do%20recommend%20opening%20a%20support%20ticket%20in%20such%20a%20case.%20Whether%20instead%20of%20or%20in%20addition%20to%20a%20community%20post.%20While%20the%20community%20interaction%20is%20lively%20and%20quite%20fast%2C%20if%20something%20disrupts%20your%20service%2C%20we%20want%20to%20make%20sure%20we%20resolve%20it%20as%20soon%20as%20possible.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1521959%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1521959%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F293879%22%20target%3D%22_blank%22%3E%40Ofer_Shezaf%3C%2FA%3E%26nbsp%3BThank%20you%20Ofer%20%3D)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20opened%20a%20ticket%20and%20I%20can%20confirm%20it%20is%20broken%20again.%203%20separate%20tenants%20and%20the%20last%20threat%20intel%20entry%20that%20shows%20up%20in%20the%20logs%20is%20on%20the%2010th.%20The%20logic%20apps%20run%20and%20I%20can%20return%20threat%20intel%2C%20but%20it's%20just%20not%20in%20the%20logs%20for%20use%20in%20analytic%20rules.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20encourage%20others%20to%20check%20their%20logs%20and%20make%20sure%20their%20rules%20are%20working.%20Or%20at%20least%20be%20aware%20log%20entries%20are%20missing.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1524976%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1524976%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F552625%22%20target%3D%22_blank%22%3E%40JBUB_Arbala%3C%2FA%3E%26nbsp%3B-%20Can%20you%20please%20send%20me%20the%20link%20to%20the%20support%20ticket%3F%20We%20would%20need%20the%20Tenant%20ID%20and%20Workspace%20ID%20in%20order%20to%20investigate%20the%20issue%20further.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1525233%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1525233%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F552625%22%20target%3D%22_blank%22%3E%40JBUB_Arbala%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20experiencing%20the%20same%20issues%20.%20I%20have%20logged%20a%20MS%20support%20ticket.%20Waiting%20for%20themfind%20resolution.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1526805%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1526805%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F729092%22%20target%3D%22_blank%22%3E%40mboppe%3C%2FA%3E%26nbsp%3B-%20Can%20you%20please%20provide%20the%20support%20ticket%20link%3F%20We%20would%20need%26nbsp%3B%20the%20workspace%20id%20and%20tenant%20id%20to%20further%20investigate%20the%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1537026%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1537026%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20issue%20should%20now%20be%20resolved.%20Please%20let%20me%20know%20if%20you%20still%20see%20the%20issue%20persisting.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1537091%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1537091%22%20slang%3D%22en-US%22%3EThank%20you!%20We%20received%20notice%20yesterday%20that%20there%20was%20an%20ongoing%20issue.%20I%20will%20update%20in%20a%20few%20days.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1537976%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1537976%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F552625%22%20target%3D%22_blank%22%3E%40JBUB_Arbala%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20experienced%20the%20same%20issue%20and%20on%20the%20same%20date.%20I%20already%20opened%20a%20support%20ticket%20with%20microsoft%20support.%20But%20they%20haven't%20yet%20identified%20that%20there%20was%20an%20issue%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1538560%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1538560%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F540154%22%20target%3D%22_blank%22%3E%40majo01%3C%2FA%3E%26nbsp%3B%3A%20The%20issue%20is%20now%20resolved.%20Are%20you%20still%20seeing%20the%20issue%20persisting%3F%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPlease%20make%20sure%20that%20the%20TIP%20Connector%20in%20Sentinel%20is%20turned%20on.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1539911%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1539911%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F730046%22%20target%3D%22_blank%22%3E%40RijutaKapoor%3C%2FA%3EThe%26nbsp%3B%20ticket%20number%20is%26nbsp%3B120070623000858%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1549158%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1549158%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F730046%22%20target%3D%22_blank%22%3E%40RijutaKapoor%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20still%20seeing%20this%20issue.%26nbsp%3B%20It%20works%20for%20a%20few%20days%20then%20breaks%20again.%20I%20have%20attached%20an%20image%20with%20our%20baseline.%20You%20can%20see%20when%20the%20issue%20starts%20to%20ramp%20up%20and%20then%20totally%20stop.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1550950%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1550950%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F552625%22%20target%3D%22_blank%22%3E%40JBUB_Arbala%3C%2FA%3E%26nbsp%3B%20-%20Can%20you%20please%20confirm%20if%20the%20TIP%20Connector%20is%20enabled%20for%20you%3F%20Are%20you%20also%20using%20the%20TAXII%20Data%20connector%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1551645%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1551645%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F552625%22%20target%3D%22_blank%22%3E%40JBUB_Arbala%3C%2FA%3E%26nbsp%3B%20-%20Also%2C%20can%20we%20get%20on%20a%20quick%20call%20to%20investigate%20and%20explain%20the%20issue%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1551668%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1551668%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F730046%22%20target%3D%22_blank%22%3E%40RijutaKapoor%3C%2FA%3E%26nbsp%3BYes%2C%20we%20have%20TIP%20and%20TAXII%20enabled.%20Among%20many%20other%20sources.%20I%20can%20send%20you%20my%20number%20in%20messages.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1551695%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1551695%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F552625%22%20target%3D%22_blank%22%3E%40JBUB_Arbala%3C%2FA%3E%26nbsp%3B-That%20would%20really%20help.%20My%20email%20is%20%22%3CA%20href%3D%22mailto%3Arikapoo%40microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Erikapoo%40microsoft.com%22.%20Please%20drop%20me%20an%20email%20and%20I%20will%20schedule%20a%20call%20with%20you%20sometime%20this%20week.%26nbsp%3B%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1552189%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1552189%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F730046%22%20target%3D%22_blank%22%3E%40RijutaKapoor%3C%2FA%3E%26nbsp%3B%20I%20think%20the%20issue%20has%20been%20resolved%20now.%20I%20was%20told%20by%20teh%20MS%20engineer%20that%20the%20issue%20impacted%20the%20Australia%20region.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1554616%22%20slang%3D%22en-US%22%3ERe%3A%20TiIndicators%20not%20showing%20up%20in%20ThreatIntelligenceIndicator%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1554616%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F729092%22%20target%3D%22_blank%22%3E%40mboppe%3C%2FA%3E%26nbsp%3B-%20Yes%20the%20issue%20was%20affecting%20Australian%20customers%20and%20now%20it%20has%20been%20resolved.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
JBUB_Arbala
Occasional Contributor

‎Jul 07 2020 04:38 PM

‎Jul 07 2020 04:38 PM

TiIndicators not showing up in ThreatIntelligenceIndicator Logs

It seems that around July 2nd, 7/2/2020, 9:17:26.272 PM UTC, all of our custom TiIndicators stopped showing up in our 

ThreatIntelligenceIndicator logs. All of the logic apps are running successfully and POSTing to the SecGraphApi - with the correct responses. We can also send a GET to the API with the newly created TiIndicator ID and verify that the indicator exists. When searching the logs we are not seeing anything, however.
 
The indicators retrieved by the built in TAXII data connector are still in the logs.
 
We have tested this with the standard POST method the to API as well as the new MS Graph Security -  Create TiIndicator/Create Multiple TiIndicator actions in the LogicApps. We have also tested in a separate tenant.   
 
943 Views
2 Likes
18 Replies
Reply
18 Replies
JBUB_Arbala

‎Jul 07 2020 11:01 PM

‎Jul 07 2020 11:01 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@JBUB_Arbala 

 

Not sure who put this fix in, but we are seeing positive results now in both tenants. Nothing changed on our end. Any post-fix info would be great. Thanks again MS Sentinel Team!

0 Likes
Reply
Ofer_Shezaf

‎Jul 12 2020 10:38 AM

‎Jul 12 2020 10:38 AM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@JBUB_Arbala : While we monitor for issues and try to preempt, I do recommend opening a support ticket in such a case. Whether instead of or in addition to a community post. While the community interaction is lively and quite fast, if something disrupts your service, we want to make sure we resolve it as soon as possible.

0 Likes
Reply
JBUB_Arbala

‎Jul 14 2020 01:22 PM

‎Jul 14 2020 01:22 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@Ofer_Shezaf Thank you Ofer =)

 

We have opened a ticket and I can confirm it is broken again. 3 separate tenants and the last threat intel entry that shows up in the logs is on the 10th. The logic apps run and I can return threat intel, but it's just not in the logs for use in analytic rules. 

 

I encourage others to check their logs and make sure their rules are working. Or at least be aware log entries are missing.  

0 Likes
Reply
RijutaKapoor

‎Jul 15 2020 02:44 PM

‎Jul 15 2020 02:44 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@JBUB_Arbala - Can you please send me the link to the support ticket? We would need the Tenant ID and Workspace ID in order to investigate the issue further. 

0 Likes
Reply
MalliBoppe

‎Jul 15 2020 04:57 PM

‎Jul 15 2020 04:57 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@JBUB_Arbala 

We are experiencing the same issues . I have logged a MS support ticket. Waiting for themfind resolution.

1 Like
Reply
RijutaKapoor

‎Jul 16 2020 08:33 AM

‎Jul 16 2020 08:33 AM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@MalliBoppe - Can you please provide the support ticket link? We would need  the workspace id and tenant id to further investigate the issue.

0 Likes
Reply
RijutaKapoor

‎Jul 21 2020 01:36 PM

‎Jul 21 2020 01:36 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

This issue should now be resolved. Please let me know if you still see the issue persisting. 

0 Likes
Reply
JBUB_Arbala

‎Jul 21 2020 02:03 PM

‎Jul 21 2020 02:03 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

Thank you! We received notice yesterday that there was an ongoing issue. I will update in a few days.
0 Likes
Reply
majo01

‎Jul 22 2020 02:37 AM

‎Jul 22 2020 02:37 AM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@JBUB_Arbala 

We experienced the same issue and on the same date. I already opened a support ticket with microsoft support. But they haven't yet identified that there was an issue

1 Like
Reply
RijutaKapoor

‎Jul 22 2020 08:08 AM

‎Jul 22 2020 08:08 AM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@majo01 : The issue is now resolved. Are you still seeing the issue persisting? 

Please make sure that the TIP Connector in Sentinel is turned on.

0 Likes
Reply
MalliBoppe

‎Jul 22 2020 04:58 PM

‎Jul 22 2020 04:58 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@RijutaKapoorThe  ticket number is 120070623000858

1 Like
Reply
JBUB_Arbala

‎Jul 27 2020 06:52 PM

‎Jul 27 2020 06:52 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@RijutaKapoor 

 

We are still seeing this issue.  It works for a few days then breaks again. I have attached an image with our baseline. You can see when the issue starts to ramp up and then totally stop.

Preview file
125 KB
0 Likes
Reply
RijutaKapoor

‎Jul 28 2020 10:14 AM

‎Jul 28 2020 10:14 AM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@JBUB_Arbala  - Can you please confirm if the TIP Connector is enabled for you? Are you also using the TAXII Data connector? 

0 Likes
Reply
RijutaKapoor

‎Jul 28 2020 02:10 PM

‎Jul 28 2020 02:10 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@JBUB_Arbala  - Also, can we get on a quick call to investigate and explain the issue?

0 Likes
Reply
JBUB_Arbala

‎Jul 28 2020 02:20 PM

‎Jul 28 2020 02:20 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@RijutaKapoor Yes, we have TIP and TAXII enabled. Among many other sources. I can send you my number in messages.

0 Likes
Reply
MalliBoppe

‎Jul 28 2020 10:28 PM

‎Jul 28 2020 10:28 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@RijutaKapoor  I think the issue has been resolved now. I was told by teh MS engineer that the issue impacted the Australia region.

0 Likes
Reply
RijutaKapoor

‎Jul 29 2020 06:11 PM

‎Jul 29 2020 06:11 PM

Re: TiIndicators not showing up in ThreatIntelligenceIndicator Logs

@MalliBoppe - Yes the issue was affecting Australian customers and now it has been resolved. 

0 Likes
Reply