Forum Discussion
When do items show on the Potential malicious events map?
MicrosoftHi GaryBushey
When you run the first query in "Prepare your query" section you get no rows returned? This normally indicates you don't have data in at least of one the 6 tables + a MaliciousIP address match.
Do you have any Inbound or Outbound traffic, show up on the Sentinel Home Page - that would indicate you have the right data and a match?
CliveWatson that is the issue. When I run the query in the Logs page I get data but nothing shows up on the Potential Malicious events map. Does it ignore the time range selected at the top of the page as I had to go back a while to get data when running the query in the Logs page.
- CliveWatsonOk...I'll take a look in the next few days. I have an updated version ready to go into the Github but haven't got around to uploading yet.
- CliveWatson
1. Yes its using the Time Picker Parameter (called [TimeRange] ). So in this screenshot you would see any data from the last 7days.
2. If you EDIT the workbook, and swap the visualization (see red arrow) from MAP to GRID do you still see data, when you "run query"? I do a Top 10 on the very last line, you can comment that out to see more data (if any).
