1,309 questions with Microsoft Security | Microsoft Sentinel tags
Adding tenable.io connector to Microsoft Sentinel
I am trying to connect tenable io connector to my Sentinel instance. I have followed the steps and provided the access key and other information requested. I can see in my resource group that everything was successfully deployed with app insight and…
Microsoft Security | Microsoft Sentinel
Microsoft Sentinel - Microsoft Dataverse data connector
I configured the Microsoft Dataverse connector in Microsoft Sentinel. I have a few prod dataverse environments. Enabled global audit logging Enabled entity table logging Imported the Microsoft Sentinel: Audit Settings (Dataverse) solution Purview…
Microsoft Security | Microsoft Sentinel
Data Connector with No data
We have an O365 Data Connector, Connected. 53 users. No data. I simply want to ask Microsoft Support why, but here we are in the Q&A community ...
Microsoft Security | Microsoft Sentinel
Issue with Duplicate Threat Intelligence Data Ingestion in Microsoft Sentinel via TAXII Connector
Environment: Microsoft Sentinel workspace Using TAXII connector for threat intelligence ingestion Tables involved: ThreatIntelligenceIndicator (old/deprecated) and ThreatIntelIndicators (new) Problem Description: I'm experiencing duplicate data…
Microsoft Security | Microsoft Sentinel
I can't enable logs from Defender XDR Data Connector in Sentinel due to "The limit of 5 diagnostic settings was reached."
Hi all, I’m trying to connect Defender XDR to Microsoft Sentinel using the native connector. When I attempt to complete the setup, I get the following error: The limit of 5 diagnostic settings was reached. To create new setting…
Microsoft Security | Microsoft Sentinel
List of triggers for different severity levels for alerts.
Hello, I would like to point out that I can’t find full documentation of what determines the severity level for every single alert that is ingested into Microsoft Defender XDR or Sentinel. I would like to know every single trigger for High, medium and…
Microsoft Security | Microsoft Sentinel
Sailpoint Identity function failure
Hi Everyone, We have used the built in Sentinel Data connector for Sailpoint IdentityNow. The Sailpoint team have confirmed they followed the access token steps provided in the data connector. We have successfully deployed it with the client ID, secret…
Microsoft Security | Microsoft Sentinel
What is the application "Office 365 Management" (AppId 00b41c95-dab0-4487-9791-b9d2c32c80f2) and why is Conditional Access not applied to it?
I am investigating a security incident and I have identified entries in the MS Sentinel SigninLogs table that might be related to the breach with the attributes: AppDisplayName: Office 365 Management AppId:…
Microsoft Security | Microsoft Sentinel
Problem with Microsoft Sentinel Connector
Hello, for testing I have deployed Sentinel 2 or 3 times and after that I deleted the Workspace. Now I have recreated a new Workspace and when I try to connect the connector I receive the following error: I have just tried to find if there are other diagnostics settings but…
Microsoft Security | Microsoft Sentinel
SecurityEvent Table Transformation DCR not working
I'm having an issue with ingestion on to a Workspace that is connected to Microsoft Sentinel. I have created a Transformation DCR / Ingestion Time Filter on the SecurityEvents table, but am still seeing events in the logs that should have been filtered…
Microsoft Security | Microsoft Sentinel

MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/WRITE operation performed by service principal. Received an alert in Microsoft Sentinel however, we are unable to trace the details of the service principal.
MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/WRITE operation performed by service principal. Received an alert for the same in Microsoft Sentinel however, we are unable to trace the details of the service principal. As I understand it could be performed by…
Microsoft Security | Microsoft Sentinel

Creating Data Collection Rule in Azure Sentinel.
Hi there. For several days I've been trying to create a Data Collection Rule to collect only specified events from Event Viewer. If I specify in the DCR to collect All Security Events then I can see that logs are received and I can query/filter Logs and see…
Microsoft Security | Microsoft Sentinel

Can't Import Sentinel Alert Rules
Good morning, I am having difficulty importing Sentinel rules after I deleted old ones. I deleted the old rules on Friday 9/27 9am EST and am getting the error the rule with ID 'xyz' was recently deleted. You need to allow some time before re-using the…
Microsoft Security | Microsoft Sentinel
Microsoft Sentinel not ingesting M365 connector data
Greetings, we have this situation where the data connector for M365 isn't ingesting logs to Sentinel. The connector shows as connected, but no logs are being ingested. From the health data, they give this message: "Tenant does not exist in the O365…
Microsoft Security | Microsoft Sentinel
How to resolve about Sentinel and XDR not connecting properly.
We are currently doing integration testing between Sentinel and XDR. After onboarding and offboarding the workspace from XDR side several times, following the steps provided in Microsoft's official documentation, encountered the following…
Microsoft 365 and Office | Install, redeem, activate | For business | Windows
Microsoft Security | Microsoft Defender | Microsoft Defender for Identity
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Sentinel
Cannot enable UEBA feature on Sentinel
Hi, I'm having some issues while trying to enable the UEBA feature in a Sentinel instance. When I try to turn the switch ON, I get the following error message: "Updating the Entity Providers failed". I've seen 2 questions related to this…
Microsoft Security | Microsoft Sentinel
Unable to create Sentinel lab solution from marketplace
Hello, Unable to create Sentinel lab solution from marketplace. It keeps saying terminal provisioning failure,
Microsoft Security | Microsoft Sentinel
Issue with Sentinel Watchlist Sync – Entries Not Reflecting in Queries
There are more than 100 watchlists in Azure Sentinel Workspace but only 7 are displayed. Is this a known issue?
Microsoft Security | Microsoft Sentinel

Sentinel to Jira integration
Hi team, Currently I am working on Sentinel to Jira integration, I couldn't find any better documentation for the process. I am focusing on this for Auto-creation of tickets in Jira for incidents generated in Sentinel. Bi-directional sync for assigned…
Microsoft Security | Microsoft Sentinel
Summary rules - showing 404
I can no longer view summary rules. When I click on Summary rules it shows an error "NOT FOUND" Anybody noticed this lately? It was working pretty well before 5th of December.