Microsoft Power BI connector for Microsoft Sentinel

Since the Microsoft Power BI connector for Microsoft Sentinel currently does not support data collection rules (DCRs), how can we transform or filter the data and monitor the logs? Is there any documentation available on this?

Logic app to close administrative tasks

I am trying to create a logic app that closes administrative tasks in Sentinel after checking UserPrincipalName and IPAddress. It will also check if the UserPrincipalName exists in a watchlist at the same time. But this didn't seem to work; can I get any help here?

Azure Sentinel - Run Antivirus Scan using Logic App

Hello, I have to integrate an antivirus run scan into Azure Sentinel using a playbook (template Run MDE Antivirus - Incident Trigger). According to the prerequisites, I need to grant some permissions using a PowerShell command: "Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App."

From PowerShell, I enter the following commands:

    $MIGuid = '0fff8f4e-xxxx-xxxx-xxxx-xxxxxxxxxxxxx'
    $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid

I receive the following error message:

    Get-AzureADServicePrincipal: You must call the Connect-AzureAD cmdlet before calling any other cmdlets.

Any idea? PS: I'm not a developer... Regards, HA

Workspace Manager - Importing analytics to parent for children

Greetings, I have a central workspace manager Sentinel (no data is ingested). However, we have some Sentinel workspaces that have data connectors and data being ingested and are monitored by a SOC. We would like to be able to save analytics to this central workspace and deploy the analytics to the child workspaces. However, we cannot save the rule in the central workspace as the table does not exist. For example, I have an Okta analytic in a child workspace, where the query will query the Okta_CL table and some of the fields. I have exported it from the child and wish to import it to the parent workspace so I can distribute it to other children using Workspace manager. However, I get an error because the Okta_CL table does not exist and does not have the fields. Does anyone have any ideas of how we can work around this to "force" the analytic to be present in the parent tenant? The children tenant CANNOT be linked in workspace manager.

EDIT - Example error below.

    Status Message: Error in EntityMappings: The given column 'column_name' does not exist. (Code:BadRequest)

Regards

Feed data location to run against Sentinel's KQL function

Hi, we have a feed consisting of around 250,000-300,000 entries that will be imported daily. We do not intend to store this data in Sentinel as a table and would like to store it somewhere else (Cosmos, storage, etc.) from where we can grab this data and run it against one of our Sentinel's KQL functions to generate alerts. Planning to use Logic Apps/Functions to do the above actions. But I would like to know what the right solution would be here so that comparing the feed data against KQL function results would be fast and not of high cost. Thank you!!

Sentinel workbook

We are creating a workbook to list all the active analytics rules with the source table name. We are able to list the analytics rules using the Azure Resource Manager API but unable to display the source table name of the rules. Please suggest. Also, trying to display the list of analytics rules with zero incidents created.

Sentinel Data collection rule initial setup

I am trying to set up a Data collection rule (common event format (CEF) via AMA) for getting our firewall logs into Sentinel via a syslog server, but I am not sure what facility(ies) to use. Is there an article about the setup of this (these) rules? I tried doing searches but have found nothing relevant.

I am learning to build Logic Apps working with Sentinel inc

Hello, I am learning to build Logic Apps. The tasks will mainly involve querying Log Analytics and writing comments in incidents. How can I do this securely? I understand that I need to add the Sentinel Contributor role for the Logic App, but what next? If I need the Logic App to be able to query, do I need to give it additional access, such as Log Analytics Contributor or Reader? When I want to create a connection, I have three options:

OAuth - I see that I log in with my account, and then the Logic App has access to what I have access to. Is this secure?

Service Principal - I need to register an application and create a secret for it, then grant this application access to Sentinel. Can I use a single Service Principal for all Logic Apps? I understand that secrets need to be rotated; does this affect my Logic Apps? Will I need to update something to ensure everything works properly?

Managed Identity - This only works within the specific Logic App? This seems like the best solution, but I managed to add a new Managed Identity to query Log Analytics, and in the next step, I wanted it to add tasks to an incident in Sentinel, and unfortunately, it didn't work. (However, I changed the last step and added it via OAuth, and it worked, allowing the Logic App to add tasks to the incident in Sentinel.)

This is one example I am working on: https://github.com/Azure/Azure-Sentinel/blob/master/Playbooks/Get-SOCTasks/readme.md

adding role assignment

It would be great if you can share your experiences! Thank you.

Parse and Create HTML in Azure Logic App

I'm working on the following array:

    "Jul. 11 2024 11:38 AM, A, B, C" \r
    "Jul. 11 2024 11:38 AM ,A , B, C" \r
    "Jul. 11 2024 11:38 AM ,A, B, C" \r
    " Jul. 11 2024 11:38 AM,A, B, C" \r

I need to email that array in the following HTML format. It seems like "Create HTML Table" doesn't like the array. How can I convert the data above into the table below?

    Date                    Sender   Recipient   Subject
    Jul. 11 2024 11:38 AM   A        B           C
    Jul. 11 2024 11:38 AM   A        B           C
    Jul. 11 2024 11:38 AM   A        B           C