monitoring
72 Topics

Microsoft Power BI connector for Microsoft Sentinel
Since the Microsoft Power BI connector for Microsoft Sentinel currently does not support data collection rules (DCRs), how can we transform or filter the data and monitor the logs? Is there any documentation available on this?

Azure-related events in separate Log Analytics workspaces
Hi all, I have a question about collecting Azure-related events (Entra ID, Office 365, Microsoft Defender, etc.) in separate Log Analytics workspaces.

Architecture:
- One Azure tenant
- Four subscriptions
- Log Analytics workspace in every subscription
- Microsoft Sentinel enabled on every Log Analytics workspace

My question is: what is the best practice or the best way to collect specific Entra ID events (e.g., events related to accounts used by the finance department) in a specific Log Analytics workspace (LAW) dedicated to the finance department? Also, how can I collect other events for Office 365 and Microsoft Defender (related to the finance department) and store them in the LAW dedicated to the finance department? I want to store those events in the default tables for Entra ID, Office 365, and Defender within the LAW. I do not want to store the filtered data in custom tables within the LAWs.

Qualys Vulnerability Management integration with Function App
Hello, I have deployed Qualys VM with Sentinel via an Azure Function App. I am not getting any error; the Function App is working fine. I am getting blank output. Furthermore, I have not added any filter parameter in the environment variables and don't have any idea what could be added here. Since the output is blank, the Qualys data connector is showing status disconnected. If anyone can help me out, please comment below. TIA

Salesforce to Sentinel Integration
Hello Tech Community, with one of our customers we are working on an integration of Salesforce with Sentinel, and everything seems to work well, but there are a few doubts. Has anyone worked on such an integration? Is it worth ingesting Salesforce logs into Sentinel (asking because currently we see only Login and Logout logs)? Do you know if we need to configure anything on the Salesforce or Sentinel (Azure) side to get more logs?

CEF Collector ingesting logs to 'Syslog' table instead of 'CommonSecurityLog'
I am forwarding Palo Alto and Fortinet firewall logs to the CEF Collector, but in Sentinel the logs are showing in the 'Syslog' table instead of 'CommonSecurityLog'. What could be the issue? Everything is in place, including the DCR.

Sentinel SIEM - Logs Query Loading issue
The issue is related to the 'Logs' tab under Sentinel: when we open any query, edit it and make the required changes, and run it, the results are observed. But then, if we copy this new query link, we get the old query itself; also, if we open a new tab, the previous tab will have the old query, but the results will be for the new query. Kindly suggest how to solve this issue.

Azure DevOps Service as ActorDisplayName in Sentinel Logs
Hello there, while creating alerts for group membership updates using the AzureDevOpsAuditing table in Sentinel, we observed logs for user addition/removal from certain groups where ActorDisplayName displays "Azure DevOps Service". I believe this is a service and not a username/account. On checking with the team doing these changes, they confirmed they haven't done such activity wherever the display name is this account. In what cases will the DisplayName be captured as "Azure DevOps Service"?