1,305 questions with Microsoft Security | Microsoft Sentinel tags

5 answers

Problem with Microsoft Sentinel Connector

Hello, for testing I have deployed Sentinel 2 or 3 times and after that I deleted the Workspace. Now I have recreated a new Workspace and when I try to connect the connector I receive the following error: I have just tried to find if there are other diagnostics settings but…

Microsoft Security | Microsoft Sentinel
asked 2025-02-01T09:06:59.5833333+00:00
Guido Imperatore 50 Reputation points MVP
answered 2025-08-12T07:12:37.1066667+00:00
Guido Imperatore 50 Reputation points MVP
3 answers

SecurityEvent Table Transformation DCR not working

I'm having an issue with ingestion on to a Workspace that is connected to Microsoft Sentinel. I have created a Transformation DCR / Ingestion Time Filter on the SecurityEvents table, but am still seeing events in the logs that should have been filtered…

Microsoft Security | Microsoft Sentinel
asked 2024-08-09T18:36:16.23+00:00
Greg Sneed 20 Reputation points
edited an answer 2025-08-11T19:06:39.8533333+00:00
EduardsGrebezs 941 Reputation points
2 answers

MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/WRITE operation performed by service principal. Received an alert in Microsoft Sentinel however, we are unable to trace the details of the service principal.

MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/WRITE operation performed by service principal. Received an alert for the same in Microsoft Sentinel however, we are unable to trace the details of the service principal. As I understand it could be performed by…

Microsoft Security | Microsoft Sentinel
asked 2025-07-16T06:15:28.7466667+00:00
Harshita Mittakori 0 Reputation points
answered 2025-08-11T18:56:02.8233333+00:00
EduardsGrebezs 941 Reputation points
2 answers

Creating Data Collection Rule in Azure Sentinel.

Hi there. For several days I've been trying to create a Data Collection Rule to collect only specified events from Event Viewer. If I specify in the DCR to collect All Security Events then I can see that logs are received and I can query/filter Logs and see…

Microsoft Security | Microsoft Sentinel
asked 2025-07-25T08:53:15.25+00:00
Renat Khamzin 21 Reputation points
answered 2025-08-11T18:50:27.2233333+00:00
EduardsGrebezs 941 Reputation points
1 answer

List of triggers for different severity levels for alerts.

Hello, I would like to point out that I can’t find full documentation of what determines the severity level for every single alert that is ingested into Microsoft Defender XDR or Sentinel. I would like to know every single trigger for High, medium and…

Microsoft Security | Microsoft Sentinel
asked 2025-08-06T13:55:11.5333333+00:00
Jvlivemicro 0 Reputation points
commented 2025-08-11T15:31:53.8766667+00:00
Jvlivemicro 0 Reputation points
1 answer

Can't Import Sentinel Alert Rules

Good morning, I am having difficulty importing Sentinel rules after I deleted old ones. I deleted the old rules on Friday 9/27 9am EST and am getting the error the rule with ID 'xyz' was recently deleted. You need to allow some time before re-using the…

Microsoft Security | Microsoft Sentinel
asked 2024-09-30T13:22:40.92+00:00
Eugene Golovanyuk 45 Reputation points
commented 2025-08-05T15:00:32.24+00:00
Émilio Gonzalez 0 Reputation points
3 answers

Microsoft Sentinel not ingesting M365 connector data

Greetings, we have this situation where the data connector for M365 isn't ingesting logs to Sentinel. The connector shows as connected, but no logs are being ingested. From the health data, they give this message: "Tenant does not exist in the O365…

Microsoft Security | Microsoft Sentinel
asked 2025-05-01T11:58:52.87+00:00
Brandon DeVane 0 Reputation points
commented 2025-08-05T14:50:16.4233333+00:00
Brandon DeVane 0 Reputation points
2 answers One of the answers was accepted by the question author.

How to resolve about Sentinel and XDR not connecting properly.

We are currently doing integration testing between Sentinel and XDR. After onboarding and offboarding the workspace from the XDR side several times, following the steps provided in Microsoft's official documentation, encountered the following…

Microsoft 365 and Office | Install, redeem, activate | For business | Windows
Microsoft Security | Microsoft Defender | Microsoft Defender for Identity
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Sentinel
asked 2024-11-23T16:11:42.9666667+00:00
Ryo Suzuki 25 Reputation points
edited an answer 2025-08-04T03:14:12.6233333+00:00
Pradeep M 9,785 Reputation points Microsoft External Staff Moderator
2 answers

Cannot enable UEBA feature on Sentinel

Hi, I'm having some issues while trying to enable the UEBA feature in a Sentinel instance. When I try to turn the switch ON, I get the following error message: "Updating the Entity Providers failed". I've seen 2 questions related to this…

Microsoft Security | Microsoft Sentinel
asked 2024-11-06T12:02:39.82+00:00
Alberto Barrado Jiménez 5 Reputation points
edited a comment 2025-08-03T15:25:49.63+00:00
Pradeep M 9,785 Reputation points Microsoft External Staff Moderator
2 answers

Unable to create Sentinel lab solution from marketplace

Hello, Unable to create Sentinel lab solution from marketplace. It keeps saying terminal provisioning failure,

Microsoft Security | Microsoft Sentinel
asked 2024-10-18T05:43:05.76+00:00
SantoshHaribabu-3135 41 Reputation points
edited a comment 2025-08-02T13:37:24.0666667+00:00
Pradeep M 9,785 Reputation points Microsoft External Staff Moderator
0 answers

Issue with Sentinel Watchlist Sync – Entries Not Reflecting in Queries

There are more than 100 watchlists in the Azure Sentinel Workspace but only 7 are displayed. Is this a known issue?

Microsoft Security | Microsoft Sentinel
asked 2025-07-29T14:15:26.3566667+00:00
ZTS 40 Reputation points
commented 2025-08-01T15:23:17.6566667+00:00
Raja Pothuraju 29,560 Reputation points Microsoft External Staff Moderator
1 answer

Sentinel to Jira integration

Hi team, Currently I am working on Sentinel to Jira integration, I couldn't find any better documentation for the process. I am focusing on this for Auto-creation of tickets in Jira for incidents generated in Sentinel. Bi-directional sync for assigned…

Microsoft Security | Microsoft Sentinel
asked 2024-08-23T04:11:44.51+00:00
Jithin Raj 0 Reputation points
commented 2025-08-01T15:14:46.7833333+00:00
Johnny Waterschoot 0 Reputation points
3 answers

Timezone used by Azure Sentinel

What timezone is used by Azure Sentinel? Below is what is showing up in the Sentinel portal. Last update time 01/02/21, 08:41 AM Creation time 01/02/21, 08:41 AM

Microsoft Security | Microsoft Sentinel
asked 2021-01-19T17:28:08.26+00:00
VizPro1985 6 Reputation points
commented 2025-07-29T13:37:09.33+00:00
Brynel Peter Libera (CONVERGYS CORPORATION) 100 Reputation points Microsoft External Staff
2 answers One of the answers was accepted by the question author.

Summary rules - showing 404

I can no longer view summary rules. When I click on Summary rules it shows an error "NOT FOUND". Anybody noticed this lately? It was working pretty well before 5th of December.

Microsoft Security | Microsoft Sentinel
asked 2024-12-09T11:03:30.0666667+00:00
Khanna, Keshav 20 Reputation points
edited a comment 2025-07-31T06:09:07.7633333+00:00
RNareddy 2,505 Reputation points Microsoft External Staff Moderator
2 answers

How to find out which of several authenticators was used in a sign-in?

We are using MFA with Microsoft Authenticator for user sign-ins to our tenant. Many of our users have registered more than one Microsoft Authenticator instance. Sometimes this is deliberate, in order to have a backup in case the primary smartphone is…

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Sentinel
asked 2025-01-13T13:20:23.8366667+00:00
Tilman Schmidt 140 Reputation points
edited a comment 2025-07-21T11:51:55.51+00:00
Tilman Schmidt 140 Reputation points
0 answers

Unexpected connections to an IP address located in Nigeria

Hello everyone. In the last few months we have seen over 400 direct connections to this IP address: 196.49.32.6, which is associated with the Internet Exchange Point of Nigeria (IXPN). The URLs associated with the connections appear to be related to…

Microsoft Security | Microsoft Sentinel
asked 2025-07-15T13:26:37.4766667+00:00
M 0 Reputation points
1 answer One of the answers was accepted by the question author.

How do you change the Created Time timestamp in Azure Sentinel from Local Time to UTC

Azure Sentinel currently does not report the creation time of an incident in UTC and as we are an MSSP, it is a requirement that we standardise all timestamps to UTC. This is already consistent with the data when it is pulled from the API but we need to…

Microsoft Security | Microsoft Sentinel
asked 2025-07-16T13:33:35.77+00:00
Brandon Goh 20 Reputation points
accepted 2025-07-23T02:30:43.34+00:00
Brandon Goh 20 Reputation points
0 answers

Alternative methods for ingesting Cisco Umbrella logs into Microsoft Sentinel

I have a client that only wants to use Sentinel as a SaaS application. This excludes them from using a VM for log forwarding syslog/cef. They want to ingest their Cisco Umbrella logs but the only method that I can find is via REST API and Azure Function,…

Microsoft Security | Microsoft Sentinel
asked 2025-07-22T18:31:36.82+00:00
Valenzuela, Julia 0 Reputation points
0 answers

401 UnauthorizedAccess when calling STIX Threat Intelligence Upload API

We are calling the Threat Intelligence Upload API (Preview) using a registered Microsoft Entra app. We’ve followed all required steps: App is registered in Entra ID with correct permissions; client_credentials flow is used with scope…

Microsoft Security | Microsoft Sentinel
asked 2025-07-24T02:40:00.4933333+00:00
vinayakshastri 25 Reputation points
0 answers

I am using my student account to access the Azure portal but it is asking for credit info, but why?

I am using my student ID to get free access to the Azure portal and use Sentinel but this error is occurring: An error occured when trying to fetch resources. Additional details from the underlying API that might be helpful: Please provide below info when…

Microsoft Security | Microsoft Sentinel
asked 2025-07-30T06:52:49.79+00:00
AREEB MOHSIN 0 Reputation points