@Matt_Lowe Is it possible to use this to prevent certain logs from being
ingested? XPath for DCR is not customizable enough for us to drop
certain logs. We are currently trying to drop certain WindowsEvent table
logs (Windows Event Forwarding). This certain event is very noisy and has
no value. We c...

Hello, very helpful blog, thank you. I have a question though: is this
way of automation recommended rather than using playbooks/Logic Apps
to trigger the notebooks I need in the context of the SOAR capabilities of
Sentinel? Like, is it better? If so, how?

Hi, I've tried implementing this feature and it was working, but now it's
failing with error: POST action failed. POST failed. Missing required
permissions for Microsoft Sentinel on the playbook resource
'/subscriptions/XXXXXXXXX/resourceGroups/XXXXXXX/providers/Microsoft.Logic/workflows/XXXXXXX' Thanks F...

A question: can this be set up for tables like the SecurityEvent and
SecurityAlert tables? I did the following and could not get it to work.
{"Name": "Test Windows Security Logs Table Access","Id": null,"IsCustom": true,"Description": "Enable users to monitor WIndows servers Security Events and Alerts"...

Greetings, I was quick to onboard our Sentinel workspace into our Defender
tenant but was then just as quick to find the features available from
the Defender portal to be lacking, at least from the perspective of the
workflow we have established in Sentinel over the years. The feature most
important to...
Latest Comments