Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

UEBA: tables missing in azure sentinel logs

Brass Contributor

Hi all, 

 

so I noticed that cross different tenants the amount of UEBA tables in Azure sentinel are not the same.

I assume that you normally have 4 tables:

- BehaviorAnalytics

- IdentityInfo
- UserAccessAnalytics
- UserPeerAnalytics
 
This is wat i encountered in on 2 different tenants with the same settings:
 

 

2021-03-24 14_47_54-Azure Sentinel - Microsoft Azure and 10 more pages - Operator - Microsoft_ Edge.png2021-03-24 14_45_11-Azure Sentinel - Microsoft Azure and 10 more pages - Operator - Microsoft_ Edge.png

 

For some reason on an other tenant the identityinfo table is missing. 

I have checked the entity behavior settings and all 4 of data sources are enabled. 
 

Any idea's?
 
Kind Regards
Louis
0 Replies