Apr 24 2019 03:37 AM
I activated Sentinel yesterday but get "no data was found", like in the image below. Is there anything I have missed?
Apr 24 2019 08:38 AM
What [Data Connectors] have you added?
https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources
1. Cases (top right) needs you to have created an Alert entry in [Analytics] - see https://docs.microsoft.com/en-us/azure/sentinel/quickstart-get-visibility#create-new-detections
2. The map (middle bottom) needs data from at least one of these data sources:
- W3CIISLog (enable in Log Analytics)
- Wiredata (enable in Log Analytics)
- WindowsFirewall (Sentinel Connector)
- CommonSecurityLog (Sentinel Connector)
- VMConnection (Enable in Log Analytics)
- or DnsEvents (Sentinel Connector)
You can see your data in your workspace from the Schema items.
Apr 25 2019 02:38 AM
@CliveWatson Ok, thanks. I have made some progress with the IIS log. I am trying to get this into the Grafana Worldmap but I suppose this is another issue. Having problems with country codes and that IIS writes the full country instead of US or SE. Will try more and thanks for your response.
Apr 25 2019 04:27 AM
If you don't mind creating your own list?
W3CIISLog
| extend countrycode = case(
    RemoteIPCountry == "United States", "US",
    RemoteIPCountry == "United Kingdom", "UK",
    // add others here
    "Unknown Country")
| where isnotempty(RemoteIPCountry)
| project RemoteIPCountry, countrycode
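An added example, not part of the thread: the same name-to-code mapping kept as a lookup table instead of a growing case() list, then aggregated per country so a map panel gets one row per code. The table name `CountryCodes`, the column `Requests` and the sample rows are assumptions constructed for illustration; the codes are ISO 3166-1 alpha-2, where the United Kingdom is GB.

```kusto
// Constructed mapping: country name as written in RemoteIPCountry -> ISO 3166-1 alpha-2 code.
// Add one row per country that appears in your own logs.
let CountryCodes = datatable(RemoteIPCountry:string, countrycode:string)
[
    "United States",  "US",
    "United Kingdom", "GB",
    "Sweden",         "SE"
];
W3CIISLog
| where isnotempty(RemoteIPCountry)
// Left outer lookup keeps rows whose country has no entry in the mapping yet.
| lookup kind=leftouter CountryCodes on RemoteIPCountry
| extend countrycode = iff(isempty(countrycode), "Unknown Country", countrycode)
// One row per country, with the request count the map can size its markers by.
| summarize Requests = count() by RemoteIPCountry, countrycode
| order by Requests desc
```

Rows that come back as "Unknown Country" show which names still need an entry in the mapping table.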