User Profile
Sergei2435
Brass Contributor
Joined Jul 17, 2020
Recent Discussions
Cloudflare to Sentinel
We use the MS Cloudflare connector (Function) and Cloudflare Logpush to Azure to onboard Cloudflare logs into Sentinel. Logs are being ingested into the storage account container without any issues. We restricted the storage account to Cloudflare IPs to make the storage account secure and meet compliance requirements. Immediately after the restriction was added, the function app stopped talking to the storage account and started throwing authentication errors. Whitelisting the function IPs didn't make any difference. In our opinion, scaling the function app plan from Consumption to Premium and enabling VNet integration will resolve the issue. By default, the function is deployed via an ARM template in a Consumption plan. I would greatly appreciate any suggestions or thoughts you might have.
(Solved)
Re: How to monitor multiple Github orgs with Github Enterprise Audit logs Data connector
Also, I managed to deploy the solution, but it is not ingesting security logs, and we are receiving duplicate logs on top of that. The discussion regarding duplicate logs can be found here in more detail: https://github.com/Azure/Azure-Sentinel/issues/1384 I raised an issue as a bug. The details can be found at https://github.com/Azure/Azure-Sentinel/issues/9356 I look forward to hearing back from them. Porter76, I would appreciate it if you could let me know if you found an alternative solution. Many Thanks
2.4K Views, 0 Likes, 2 Comments
SignIn Office Location
Hi, I am trying to develop a query which determines how many users sign in from each office around the country. For the location of each office, I have the latitude and longitude. The following was my initial approach:
1. Create a table with the office name, latitude and longitude
2. Generate a geohash value
3. Generate a geohash value for the sign-in geocoordinates in the SignIn table
4. Join the two tables on the geohash value

```kusto
// Office table: name plus longitude/latitude as real columns (no double() casts needed in a typed datatable)
let Office = datatable(Office:string, longitude:real, latitude:real) [
    "Durham",       -78.90213775634764,   35.99591827392578,
    "LondonStrand", -0.016599999740719796, 51.58330154418945,
    "NYNEW",        -0.7399736916,         40.75118126
]
// geo_point_to_geohash takes (longitude, latitude); default precision 5
| extend geohash = geo_point_to_geohash(longitude, latitude);
// Sign-ins: pull the coordinates out of the dynamic LocationDetails column as reals, not strings
let SignIn = SigninLogs
| extend latitude_  = toreal(LocationDetails.geoCoordinates.latitude)
| extend longitude_ = toreal(LocationDetails.geoCoordinates.longitude)
// same argument order as above: longitude first, then latitude
| extend geohash = geo_point_to_geohash(longitude_, latitude_);
Office
| join kind=inner SignIn on geohash
```

When I try to get the geohash from the SignIn logs, I receive an error. I'm a bit lost now after hitting a brick wall for so long. Any suggestions would be greatly appreciated. Possibly another approach? Many Thanks
1.3K Views, 0 Likes, 3 Comments
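An added KQL example, not the poster's query or anything from the thread, showing the distance-based alternative to joining on geohash equality. A geohash join only matches when the office and the sign-in fall in the same cell (roughly 4.9 km square at the default precision of 5), so sign-ins just across a cell boundary are silently dropped and nothing tells you how far from the office a matched sign-in actually was. The query below cross-joins sign-ins against offices, computes the great-circle distance with geo_distance_2points, keeps the nearest office per sign-in, and discards sign-ins farther than a threshold. The 25 km threshold, the office rows, and the SampleSignIns table (constructed to stand in for SigninLogs so the query runs in any Kusto query window) are assumptions; replace SampleSignIns with SigninLogs in a workspace.

```kusto
// Added example: nearest-office assignment by great-circle distance rather than geohash equality.
let MaxDistanceMeters = 25000;   // assumption: a sign-in counts as "at" an office if within 25 km
let Office = datatable(Office:string, longitude:real, latitude:real) [
    "Durham",       -78.90213775634764,    35.99591827392578,
    "LondonStrand", -0.016599999740719796, 51.58330154418945
];
// Constructed sample sign-ins mimicking the SigninLogs LocationDetails shape (not real data).
let SampleSignIns = datatable(UserPrincipalName:string, TimeGenerated:datetime, LocationDetails:dynamic) [
    "alice@contoso.example", datetime(2024-01-10 09:01:00), dynamic({"geoCoordinates":{"latitude":35.994,"longitude":-78.899}}),
    "bob@contoso.example",   datetime(2024-01-10 09:05:00), dynamic({"geoCoordinates":{"latitude":36.08, "longitude":-78.95}}),
    "carol@contoso.example", datetime(2024-01-10 09:07:00), dynamic({"geoCoordinates":{"latitude":51.51, "longitude":-0.12}}),
    "dave@contoso.example",  datetime(2024-01-10 09:09:00), dynamic({"geoCoordinates":{"latitude":48.85, "longitude":2.35}}),
    "erin@contoso.example",  datetime(2024-01-10 09:11:00), dynamic({"geoCoordinates":{}})
];
SampleSignIns
| extend latitude_  = toreal(LocationDetails.geoCoordinates.latitude),
         longitude_ = toreal(LocationDetails.geoCoordinates.longitude)
| where isnotnull(latitude_) and isnotnull(longitude_)     // drop sign-ins with no coordinates (erin)
| extend k = 1
| join kind=inner (Office | extend k = 1) on k              // cross join: every sign-in against every office
| extend DistanceMeters = geo_distance_2points(longitude_, latitude_, longitude, latitude)
| summarize arg_min(DistanceMeters, Office) by UserPrincipalName, TimeGenerated   // nearest office per sign-in
| where DistanceMeters <= MaxDistanceMeters                 // dave (Paris) is ~340 km from London and is dropped
| summarize SignIns = count(), Users = dcount(UserPrincipalName) by Office
```

With the constructed rows this yields Durham with 2 sign-ins from 2 users (alice and bob, the latter about 10 km out and therefore missed by a precision-5 geohash match) and LondonStrand with 1. Raising MaxDistanceMeters is the knob for how generous the office attribution is; the geohash precision argument plays that role only in coarse powers-of-32 steps.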
Re: How to add multiple workspaces to Azure Sentinel
Clive_Watson Clive, I think Fahad was asking if it's possible to map one Sentinel instance to multiple workspaces. @FahadAhmed Please let me know if I'm wrong, Fahad. If we follow your suggestion, Clive, we will have multiple Sentinels: one for each Log Analytics workspace. That seems right to me. It is not possible to connect multiple workspaces to a single Sentinel instance, is it? Thanks
5.5K Views, 0 Likes, 4 Comments