Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

How to make the data to appear in sentinel overview map without any logs in W3CIISLog table

Brass Contributor

Hi,

 

Im trying to make the data to appear in the Sentinel overview map by following the instructions in this link. 

 

https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-use-azure-monitor-workbooks-to-map-sent...

 

But, it seems there is no log data in W3CIISLog table. How to appear the data for map to get visible for some events?

3 Replies

@AlphaBetaGamma 

 

Answered in the other thread.  If you don't have data, you can use our demo data https://ms.portal.azure.com/#blade/Microsoft_Azure_Monitoring_Logs/DemoLogsBlade or add your own data to one of the 6 tables this solution uses, marked in Red.  

Screenshot 2020-09-28 090643.jpg

 

Instructions to add your own IIS data:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-iis-logs

hi @CliveWatson, can we populate sentinel overview page map data without from above-highlighted tables, for example instead of IIS, for example, can we pull the Office365 access IP's data? or can you let me know what are the different ways to populate the map data in sentinel home page?

@AlphaBetaGamma 

 

The Sentinel Home Page is fixed to those 6 tables for now - we are asking for feedback on that, so a perfect time to feedback - please use the link below.
Within my User Map workbook (or any others) you can use other Tables , assuming you have IP Addresses and Longitude/Latitude details.

 

https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-roadmap-survey-customizable-ove...