Member: tipper1510 | Microsoft Community Hub

Recent Discussions

Using Playbook_ARM_Template_Generator
Hi, Trying to use the Playbook_ARM_Template_generator where a user assigned managed identity is used for connections. The generator doesn't seem to strip this out and then complains on deployment. Anyone had any success with this? Many thanks, Tim
Dec 19, 2024 Place Microsoft Sentinel
automation
siem
7Views
0likes
0Comments
Permissions Reuired to Tune Alert
Hi, Need to enable a group of content delivery specialists to be able to tune alerts within Defender XDR. Is there an Defender RBAC role to cover this or does an Entra ID role need applying? Regards, Tim
Aug 29, 2024 Place Microsoft Defender XDR
Alerts
microsoft defender for endpoint
Microsoft Defender for Office 365
185Views
0likes
0Comments
Unified Portal - Sentinel incident losing set tactics
Hi, Just trialling the unified portal, and incidents in Sentinel seem to lose any tactics set via the analytic rule. Plus the resulting incident has a slightly different title, assume after being converted to 'Defender speak'. We have a standard rule TI MAP IP entity for Office365 and the incident is TI Map IP entity for Office365 involving one user and the tactic is missing even though its in the original rule? Anyone else experiencing the same? Regards, Tim
Jun 28, 2024 Place Microsoft Sentinel
Analytics
integration
407Views
0likes
1Comment
String functions within playbooks
Hi, Have the following string that I need to tidy up: "hostname","{\r\n \"LastLog\": [\r\n \"2024-06-25T16:15:35.751991Z\"\r\n ]\r\n}" so it can have hostname 2024-06-25 16:15:35 I have attempted to combine replace statements with no luck... Any ideas.. Many thanks, Tim
Jun 28, 2024 Place Microsoft Sentinel
playbooks
312Views
0likes
1Comment
Threat Intelligence Pane in Sentinel Broken
Hi, It seems that the 'Threat Intelligence' pane within Sentinel is broken. It seems to have been updated with a new search capability but displays as below with an error: Anyone else getting this? Regards, Tim
May 24, 2024 Place Microsoft Sentinel
siem
threat intelligence
407Views
0likes
1Comment
Use of TimeRange parameter in workbooks
Hi, I use the timerange parameter as: | where Timestamp >= {TimeRange:start} and TimeGenerated <= {TimeRange:end} but need to incorporate into: | where Timestamp between ( startofday(ago(14d)) .. endofday(ago(7d)) ) Any tips please... Regards, Tim
Dec 18, 2023 Place Microsoft Sentinel
Dashboards
KQL
kusto
972Views
0likes
4Comments
New Threat Intelligence Upload Indicators API data connector
Hi, Currently using the current 'Threat Intelligence Platforms' data connector. The document suggests the new TI solution should work in the same way. Has anyone proved this yet? Regards, Tim
Jul 14, 2023 Place Microsoft Sentinel
integration
siem
threat intelligence
768Views
0likes
2Comments
Azure Web App and Integration of KeyVault
Hi, Attempting to use an web app to support the integration of an HTTPS forwarder for Prisma logs. Have created a key vault to store the workspace id and primary key for the workspace and have turned on the system identity. The managed identity has the required access to retrieve from the key vault. The issue is where does the key vault get defined withinthe web app? Any help would be much appreciated. Many thanks, Tim
May 26, 2023 Place Microsoft Sentinel
Data Collection
integration
Log Data
siem
369Views
0likes
0Comments
Integration of SAP Hybris
Hi, Has anyone ingested logs into Sentinel from SAP Hybris?? Many thanks, Tim
May 17, 2023 Place Microsoft Sentinel
azure
integration
Log Data
siem
588Views
0likes
0Comments
MDE Onboard syslog/cef collectors. Possible?
Hi, Can you onboard syslog/cef collectors running either the legacy agent or the new AMA to MDE without affecting the log collector capability? Regards, Tim
Apr 27, 2023 Place Microsoft Defender for Endpoint
1KViews
0likes
5Comments

User Profile

tipper1510

User Widgets

Recent Discussions

Using Playbook_ARM_Template_Generator

Permissions Reuired to Tune Alert

Unified Portal - Sentinel incident losing set tactics

String functions within playbooks

Threat Intelligence Pane in Sentinel Broken

Use of TimeRange parameter in workbooks

New Threat Intelligence Upload Indicators API data connector

Azure Web App and Integration of KeyVault

Integration of SAP Hybris

MDE Onboard syslog/cef collectors. Possible?

Groups

Recent Blog Articles

Re: Permissions Management: Defender XDR's RBAC Walkthrough for Microsoft Defender for Office 365

Re: Boost your detection and response workflows with alert tuning

Re: Export Microsoft Sentinel Playbooks or Azure Logic Apps with Ease

Re: Export Microsoft Sentinel Playbooks or Azure Logic Apps with Ease

Re: Identity Protection alerts now available in Microsoft 365 Defender

Re: Migrate to Azure Monitor Agent for better security, reliability and ease of management

Re: Defender for Endpoint and Defender for Cloud- which dashboard should you use?

Re: What's New: Azure Sentinel Logic Apps Connector improvements and new capabilities

Re: Announcing Microsoft 365 Lighthouse for Managed Service Providers serving small & medium cus

Re: What's new: Watchlist is now in public preview!