User Profile
ahhann
Copper Contributor
Joined Jan 25, 2022
User Widgets
Recent Discussions
Re: Unified Security Operation Sentinel Vs Defender Tables
Echo to this, not all environment have the budget to ingest Device****** events into Sentinel, given the huge volume of events it produced. Thus you have an option right now to both save cost + correlating the information from Sentinel end, under the Unified SOC portal. You need to look into the monetary benefits of this integration as well, not only technical feasibility. Hope my 2 cent helps.SentinelHealth - Analytic Rules failed to run
Hi Community, anyone know what is the so call "TemporaryIssuesDelay" ? Code: TemporaryIssuesDelay Description: The rule's running was delayed due to temporary issues. Microsoft documentation didn't explain much on the error https://learn.microsoft.com/en-us/azure/sentinel/monitor-analytics-rule-integrityInaccurate TimeGenerated value in CommonSecurityLog
Hi, I'm facing a weird issue where TimeGenerated value is inaccurate when we use the query condition | where TimeGenerated >= ago() See here: As you can see above, the time is in future time compared to my local time at the right bottom. But if i use | where TimeGenerated between() or if i use the portal GUI Time Range, it able to return the correct TimeGenerated value: We notice this issue after the Linux Log Relay server timezone was changed from JST to UTC, then changed back to JST again. The server has been rebooted 3 times, which i believe the rsyslog and the ama services would take effect on the changes of timezone as well. Urgently need advise on this as it will certainly disrupt our Analytic Rule as well as Hunting query.Re: Trend Micro XDR Data connector
Clive_Watson How you even get the rest of the table to appear? I'm using the default API role in the TM Vision One, which is the one with SIEM role, generated simulation alert, Workbench can see those alert. But still no logs appeared in the Sentinel after 12 hours. Documentation on the API account is not details and confusing.
