1,349 questions with Microsoft Security | Microsoft Sentinel tags

1 answer

How can I participate in Advanced KQL for SecOps?

How can I participate in Advanced KQL for SecOps? Best Regards. Ignacio.

Microsoft Security | Microsoft Sentinel
asked 2025-11-14T15:11:09.19+00:00
Nacho 0 Reputation points
answered 2025-11-14T15:11:29.6033333+00:00
Q&A Assist
1 answer

What is the method for splitting Azure Sentinel costs based on the log volume originating from a specific subscription?

Hi, I have the following issue. I have one tenant with several clients, and we are in the process of implementing Microsoft Sentinel. However, it is important for me to allocate costs between subscriptions. How should I approach this? Should I create a…

Microsoft Security | Microsoft Sentinel
asked 2025-11-14T13:41:18.4966667+00:00
Kajetan 0 Reputation points
answered 2025-11-14T13:42:37.9033333+00:00
Q&A Assist
2 answers

How to establish a connection to the Azure Activity data connector in Microsoft Sentinel with the trial subscription.

Hello team, I was able to complete the Microsoft Sentinel setup, create the Log Analytics workspace, and assign the Azure policy to stream Azure activity logs. However, I was not able to establish the connection to the Azure Activity Data Connector.…

Microsoft Security | Microsoft Sentinel
asked 2025-11-10T00:53:37.0333333+00:00
Tejaswi Dasiganda 0 Reputation points
answered 2025-11-14T10:00:14.14+00:00
Monalisha Jena 3,835 Reputation points Microsoft External Staff Moderator
1 answer

What's the status of Microsoft Sentinel upload API?

I am writing to inquire about the current status and future roadmap of the Microsoft Sentinel upload API. As far as I am aware, this API has been in preview for some time—seemingly for a couple of years now. Could you please provide any updates on its…

Microsoft Security | Microsoft Sentinel
asked 2025-11-13T14:24:36.8266667+00:00
Julian Bednarz 20 Reputation points
commented 2025-11-13T19:40:34.1166667+00:00
Shubham Sharma 1,370 Reputation points Microsoft External Staff Moderator
0 answers

How to resolve the error 'union' operator: Failed to resolve table expression named 'Okta_CL'

I think the underlying issue is that the Okta_CL table in this environment is not populated due to the new okta connection being used which populates OktaV2_CL. I am using this out of the box Analytics rule Okta Fast Pass Phishing Detection pasted…

Microsoft Security | Microsoft Sentinel
asked 2025-10-22T15:10:34.16+00:00
John Tyson 0 Reputation points
edited a comment 2025-11-13T16:47:49.6533333+00:00
Pauline Mbabu 1,610 Reputation points Microsoft Employee
2 answers

Sentinel transition to Defender portal: visibility of API/manual incidents & impact on SOAR correlation

Per your documentation, “Incidents created in Microsoft Sentinel through the API, by a Logic App playbook, or manually from the Azure portal, aren't synchronized to the Defender portal.” Microsoft Learn (We understand those incidents remain supported in…

Microsoft Security | Microsoft Sentinel
asked 2025-11-07T08:27:47.15+00:00
Pavol Ilko 0 Reputation points
answered 2025-11-13T09:23:21.9733333+00:00
Praveen Chivarla 1,845 Reputation points Microsoft External Staff Moderator
2 answers

SQLite < 3.50.2 Memory Corruption

Does anyone have a fix for this? Are we still waiting on Microsoft? Path: C:\Windows\System32\winsqlite3.dll Installed version: 3.43.2.0 Fixed version: 3.50.2 Path: C:\Windows\SysWOW64\winsqlite3.dll Installed version: 3.43.2.0 Fixed version: 3.50.2 I…

Microsoft Security | Microsoft Sentinel
asked 2025-11-12T23:16:24.0566667+00:00
SALVADOR MONTANEZ 0 Reputation points
answered 2025-11-12T23:18:31.2366667+00:00
SALVADOR MONTANEZ 0 Reputation points
1 answer One of the answers was accepted by the question author.

Unexpected connections to an IP address located in Nigeria

Hello everyone. In the last few months we have seen over 400 direct connections to this IP address: 196.49.32.6, which is associated with the Internet Exchange Point of Nigeria (IXPN). The URLs associated with the connections appear to be related to…

Microsoft Security | Microsoft Sentinel
asked 2025-07-15T13:26:37.4766667+00:00
M 20 Reputation points
commented 2025-11-12T08:11:34.12+00:00
M 20 Reputation points
3 answers

Azure sentinel-Cisco ASA Parser

Hi There, We have onboarded CISCO ASA logs into sentinel using plain syslog server. Is there a way to onboard it via CEF syslog server or is there any parser available for CISCO ASA logs. The log format is linked below …

Microsoft Security | Microsoft Sentinel
asked 2022-08-23T02:27:55.88+00:00
Nafila Afrin 111 Reputation points
answered 2025-11-12T05:01:53.5033333+00:00
Jeremy Hagan 0 Reputation points
1 answer

Unable to deploy "Atlassian Confluence Audit (via Codeless Connector Platform)" data connector on Microsoft Sentinel

I am unable to deploy "Atlassian Confluence Audit (via Codeless Connector Platform)" data connector on Azure Sentinel. Getting the following error message: Connectivity check failed. ConnectorId: ConfluenceAuditCCPPolling, Status code:Unauthorized,…

Microsoft Security | Microsoft Sentinel
asked 2025-11-10T21:12:26.5366667+00:00
Hasan 0 Reputation points
edited the question 2025-11-10T22:12:45.0866667+00:00
Hasan 0 Reputation points
1 answer

Cyberint IOC Integration with Microsoft Sentinel Threat Intelligence Indicator table

Hi, Can anyone share procedure or logic app to integrate Cyberint IOC with Microsoft Sentinel Threat Intelligence Indicator table, Microsoft Sentinel content hub IOC integration connector is not working, we are looking for API method or logic app method…

Microsoft Security | Microsoft Sentinel
asked 2025-11-06T12:00:01.7566667+00:00
Venkatesh 5 Reputation points
answered 2025-11-06T12:56:34.4266667+00:00
Monalisha Jena 3,835 Reputation points Microsoft External Staff Moderator
1 answer

Sentinel won't add my Log analysis workspace it reports Internal server error

Sentinel won't add my Log analysis workspace it reports Internal server error

Microsoft Security | Microsoft Sentinel
asked 2025-10-22T16:08:20.4233333+00:00
Stephen Perchard 0 Reputation points
answered 2025-11-05T13:31:42.7833333+00:00
Luis Arias 9,401 Reputation points Volunteer Moderator
0 answers

Azure SCIM User and groups provisioning - 6 months bearer token validity

How to set Azure SCIM User provisioning - 6 months bearer token validity. Can you please help us with the reference articles?

Microsoft Security | Microsoft Sentinel
asked 2025-10-22T05:25:23.44+00:00
Trinadh 0 Reputation points
edited the question 2025-11-05T04:47:41.99+00:00
VenkateshDodda-MSFT 25,241 Reputation points Microsoft Employee Moderator
1 answer

Microsoft Sentinel migration to Defender Portal: Azure Lighthouse for MSSPs

Hello all! I work for an MSSP supporting Microsoft Sentinel and we currently use Azure Lighthouse to access our client's Sentinel environments. In preparation for the mandatory migration from the Azure portal to the Defender portal I am trying to…

Microsoft Security | Microsoft Sentinel
asked 2025-10-27T19:53:35.4766667+00:00
Matthew Agosta 0 Reputation points
commented 2025-11-03T16:36:47.95+00:00
Matthew Agosta 0 Reputation points
0 answers

SecurityEvent logs not ingesting into Sentinel

SecurityEvent logs are not getting ingested into Sentinel, but heartbeat and ASimDNS logs are coming from the same server. Logging is happening in the server's Event Viewer. The log ingestion starts again automatically after a few days. Could you please…

Microsoft Security | Microsoft Sentinel
asked 2025-10-15T09:31:44.71+00:00
Norah 20 Reputation points
edited a comment 2025-11-03T10:43:45.7566667+00:00
Pauline Mbabu 1,610 Reputation points Microsoft Employee
1 answer

How to disable recommendations with severity below medium in Defender for Cloud?

This is a Defender for Cloud question, I wasn't able to find the right child tag for it. :( In reviewing recommendations in Defender for Cloud, is it possible to disable recommendations that are low severity for specific recommendations? I am interested…

Microsoft Security | Microsoft Sentinel
asked 2025-10-17T15:20:19.4566667+00:00
Lily 41 Reputation points
commented 2025-11-03T08:26:56.0266667+00:00
Catherine Kyalo 2,545 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

Contributor permissions scoped to resource group not enough to update entities for an analytics rule in Microsoft Sentinel

Hi all, I'm utilising CICD for managing my Microsoft Sentinel content and am having issues with updating entity mapping for analytics rules created via the CICD pipeline. Some analytics rules and certain entity categories my pipeline is able to…

Microsoft Security | Microsoft Sentinel
asked 2025-11-03T02:32:12.9333333+00:00
Butt, Kaden 20 Reputation points
accepted 2025-11-03T04:47:42.73+00:00
Butt, Kaden 20 Reputation points
0 answers

Unable to configure Microsoft XDR connector in Sentinel

Hi Currently, it is not possible to configure the Microsoft Defender XDR connector via browser from Switzerland. Access to the URL https://partnersgw.securitycenter.windows.com/api/mdgw/sentinel/workspaces/isOnboarded is blocked unless a Microsoft…

Microsoft Security | Microsoft Sentinel
asked 2025-10-31T11:02:33.64+00:00
Reeno 0 Reputation points
edited the question 2025-11-01T08:24:11.6166667+00:00
Reeno 0 Reputation points
0 answers

Update error for data connector through Sentinel or Defender portal

I keep getting this error when I try to update a data connector for Defender XDR. It used to work up until Azure had an issue. Message- The workspace is enabled through the Microsoft Threat Protection Portal. Changes to the connector in Microsoft…

Microsoft Security | Microsoft Sentinel
asked 2025-10-31T15:55:41.64+00:00
Rod Lewis 5 Reputation points
0 answers

Sophos Endpoint Protection Solution Azure App out of date

Having issues configuring the Sophos Endpoint Protection Solution marketplace app: https://marketplace.microsoft.com/en-us/product/azure-applications/azuresentinel.azure-sentinel-solution-sophosep Setup instructions are: STEP 1 - Configuration steps…

Microsoft Security | Microsoft Sentinel
asked 2025-10-29T15:41:55.1033333+00:00
Owen Davey 0 Reputation points