GaryBushey
Bronze Contributor
Jan 24, 2020
When do items show on the Potential malicious events map?
What is needed to get items to show up on the Potential malicious event map on the Overview page? I read
and based on the query, I should have items show up here but I am not seeing anything.
- Eli Shlomo
GaryBushey you can work with a query to grab data like Longitude and Latitude, City and State, etc.
You have many related Workbooks in the Azure Sentinel GitHub, like UserMap.json and others.
The following blog post can clarify a few points.
- GaryBushey
Bronze Contributor
Eli Shlomo thank you for your reply but I am asking specifically about the Potential malicious events map on the home page. I was able to get the information to show up in a workbook. 🙂
- CliveWatson
Microsoft
Hi GaryBushey
When you run the first query in the "Prepare your query" section, do you get no rows returned? This normally indicates you don't have data in at least one of the 6 tables + a MaliciousIP address match.
Do you have any Inbound or Outbound traffic showing up on the Sentinel Home Page? That would indicate you have the right data and a match.
- GaryBushey
Bronze Contributor
CliveWatson that is the issue. When I run the query in the Logs page I get data, but nothing shows up on the Potential malicious events map. Does it ignore the time range selected at the top of the page? I had to go back a while to get data when running the query in the Logs page.
- CliveWatson
Microsoft
1. Yes, it's using the Time Picker Parameter (called [TimeRange]). So in this screenshot you would see any data from the last 7 days.
2. If you EDIT the workbook, and swap the visualization (see red arrow) from MAP to GRID do you still see data, when you "run query"? I do a Top 10 on the very last line, you can comment that out to see more data (if any).