Jul 13 2023 11:57 AM
Hi there,
The Azure Activity Connector from the Sentinel Content Hub is not working for me.
I launched the Azure Policy Assignment wizard and created the Azure Policy as instructed.
For testing, I created and deleted a resource group.
The Azure Activity Log shows entries for the creation/deletion of the resource group.
Azure Policy shows the new collection policy - the scope is set at the subscription level, so no filtering, and its Compliance state is 'compliant'.
Has anyone recently configured the Azure Activity connector? Any surprises?
Thanks.
Jul 13 2023 12:58 PM
@SocInABox you mean you're not getting any incident in the Sentinel portal when you're creating or deleting a resource group in Azure?
Jul 13 2023 03:40 PM
Solution
Jul 13 2023 03:57 PM
Jan 20 2024 02:31 AM
@eliekarkafy I have not been able to get it working. I have waited 10+ hrs and when I go to Data Connectors it still says not connected!!
If anyone could help please?
Feb 05 2024 09:40 AM
There could be a number of reasons Azure Active data connector is disconnected. Has it ever been connected, or did it disconnect after working? If you haven't ever had it connected, I would check a few things:
1. Make sure you disconnect from legacy methods.
2. Make sure that your policy scope is at the resource group level. It will not send data at the subscription level.
Also make sure that you have checked the remediation task and set the remediation task.
Finally, be sure to look in the Log Analytics workspace to determine if you have logs coming in.
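An added example, not part of any post in this thread: a query for the Log Analytics workspace behind Sentinel that shows whether Azure Activity data is arriving and whether the resource group create/delete test from the first post was ingested. The 24-hour lookback is an assumption; widen it to cover when the test was run.

```kusto
// Added example: run in the Log Analytics workspace connected to Sentinel.
let lookback = 24h; // assumption: the test was performed within the last day
AzureActivity
| where TimeGenerated > ago(lookback)
| summarize
    Events = count(),
    LastEvent = max(TimeGenerated),
    // Resource group create/update and delete operations, matched case-insensitively
    ResourceGroupTestEvents = countif(OperationNameValue in~ (
        "MICROSOFT.RESOURCES/SUBSCRIPTIONS/RESOURCEGROUPS/WRITE",
        "MICROSOFT.RESOURCES/SUBSCRIPTIONS/RESOURCEGROUPS/DELETE"))
    by SubscriptionId
| extend TimeSinceLastEvent = now() - LastEvent
| order by LastEvent desc
```

No rows means nothing from the Activity Log has reached the workspace in the lookback window. Rows with `ResourceGroupTestEvents` at 0 mean data is flowing for that subscription but the test operations were not among it.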