User Profile
PhilippeAugras
Brass Contributor
Joined Aug 04, 2020
Recent Discussions
DLP Rule with very - too - long exception setting
Hello, I have a request from my client asking for an alert to be generated whenever a user sends an email to a freemail service such as gmail. Client has a huge list of exceptions and whenever I try to implement this with a Compliance DLP rule's exception related to the recipient's domain, I get an error stating that "The generated rule blob is too long. The maximum length is 81920 and the length of the rule blob is 256040.". I tried to split the exclusion list between several rules in the same DLP policy but I get a lot of false positives. Any idea if this limited size can be overridden? I guess that it would be better to implement this in Exchange but does Exchange Rules have the same kind of size limit? Regards, P.
2.1K Views, 0 likes, 2 Comments

Create DLP rule / alerts for specific activities
Hello, I'm trying to create alerts from activities that - in themselves - are not dangerous. For example: alert when a document with Credit Cards numbers is discovered, alert when someone uploads a document to an approved web service (don't ask me why, it's my client's wish). Is that even possible? And if it is, how do I implement such rules? I'm new to Compliance, I apologize in advance for asking something that may be obvious. Regards, P.

OfficeActivity: is it possible to extract an email recipient?
Hi, here's the situation: my client wants a Sentinel workbook showing the most common email subject - so far, no problems - AND also showing the recipient. As Hamlet would say, there is the rub: is there a way to find an email recipient from OfficeActivity table? The "send", "sendas", "sendonbehalf" activities do not mention the mail recipient. Is there a way to collect this from OfficeActivity table or do I have to query Office directly via an API? Regards, P.
2.5K Views, 0 likes, 1 Comment

Re: Azure Activity data collector with Azure Policy: data is not ingested
Sorry for my misunderstanding. The policy shows 100% Compliant, no errors. Problem - ? - is that the policy also tells me there's no resource associated. I scoped it to the Subscription I want to monitor via Azure Activity connector - as per MS doc. But do I need to add my Sentinel Log Analytics workspace as a resource to this policy?
2.5K Views, 0 likes, 3 Comments

Re: Azure Activity data collector with Azure Policy: data is not ingested
GaryBushey, thank you for your answer. The diagnostic settings worked with the old version of the connector. The new one relies on an Azure Policy that is supposed to send the activity to Sentinel's log. Or do I also need to configure the diag settings for this new connector? It's not mentioned in MS's docs. Regards, P.
2.6K Views, 0 likes, 5 Comments

Azure Activity data collector with Azure Policy: data is not ingested
Hi, I have been fighting with the new Azure Activity data connector. I deploy the policy with the wizard on the connector page, scope it to my subscription but nothing happens. My Policy shows as Compliant, the Log Analytics workspace is in the scoped subscription but nothing happens. It's not the first time that I'm stuck with this problem and I think I've been applying MS' official documentation. Any idea what I should check? Regards, P.
Solved, 2.8K Views, 0 likes, 7 Comments

Orchestrator 2019 - Web console keeps prompting for credentials
Hello, another question regarding the Orchestrator web console: when I'm on the SCO server, no problem, I connect directly to web console. When I'm remote, I'm prompted with credentials. I tried a lot of things: modified sites to use the SC2012 application pool instead of the default, added the web server to the local intranet site when I use IE from remote... nothing works. Any idea please? Regards, P.
863 Views, 0 likes, 0 Comments

Orchestrator 2019 - Web console and web service broken after UR3
Hi, I'm facing the following behaviour: I installed an Orchestrator 2019 on a single server. All the components are local except for the SQL Instance. RTM install is fine and everything works. After UR3 - and after following instructions from https://docs.microsoft.com/en-us/previous-versions/system-center/system-center-2012-R2/hh473578(v=sc.12)?redirectedfrom=MSDN - the Web Console and the Web Service do not work anymore. I have uploaded the corresponding errors. Has anyone heard about this kind of problem? Regards P.
Solved, 1.4K Views, 0 likes, 1 Comment

SCOM 2019 - configure web console to use SSL AFTER installation?
Hi everyone, a client installed SCOM 2019 + UR3. He uses the web console with HTTP and wants to use HTTPS now. Any article/documentation related to this? I only find docs related to SCOM 2012/2016 that are out of date - most of them mention a webhost folder that does not exist anymore. I tried to configure it and whenever I connect with HTTPS, I get an authentication request, even if my account is SCOM admin. Any idea, anyone? Thanks :). Regards, P.
1.1K Views, 0 likes, 0 Comments

SCOM 2019 - Linux monitoring - 100 % Gateways resource pool: need for certificate export?
Hello, I have one question regarding Linux monitoring. My client needs to monitor Linux servers and will use resource pools constituted only with Gateway servers (network specifications make impossible the use of Management Servers). I'd like to know if I have to deploy certificates between gateways from the same resource group if I want to maintain failover with the resource group. And if I have to deploy the gateway certificates also to the central Management Servers that will eventually really monitor the Linux boxes. Thanks in advance. Regards, P.
Solved, 969 Views, 0 likes, 2 Comments

Sentinel automation - create Analytics alert rules from Alert rule templates using PowerShell
Hi, I regularly deploy Sentinel to several clients as part of Security Workshops and every time, I spend a lot of time enabling scheduled analytic rules related to the deployed connectors. I'd like to use PowerShell and I found the AzSentinel module today. I can use it to create a scheduled analytic rule but even if I give a template name, I still have to provide severity, trigger and so on. I wanna use default values from the template. I thought about exporting those rules from an already existing Sentinel environment but if the Sentinel template changes, my export becomes worthless for new clients. Does anyone have an idea about how to do that? I mean, being able to create a scheduled analytic rule from a template name by only providing a new alert rule should be something easy, right? Regards, P. Augras
Solved, 3.4K Views, 0 likes, 3 Comments

When creating resource group on budgeted subscription, sent to "create an azure free account" portal
Hello everyone, unusual problem today: I added an Azure Pass subscription with 1000$ budget this morning but whenever I try to create a new resource group, I'm rerouted to "create a free azure account" portal. I'm Global Admin on the tenant and Owner of the Azure Pass subscription. Any idea why I can't create my RG? Regards, P.
Solved, 625 Views, 0 likes, 1 Comment