Microsoft Sentinel Blog

Microsoft Tech Community
3,827
Matt_Lowe on Mar 14 2024 05:21 PM
2,922
Umesh_Nagdev on Feb 20 2024 07:04 AM
2,491
Josefa-Sepulveda on Feb 08 2024 07:58 AM
4,482
BenjiSec on Feb 06 2024 04:03 AM
3,425
PrateekTaneja on Feb 04 2024 10:22 PM
4,896
madesous on Jan 17 2024 05:27 AM
2,754
GBushey on Jan 16 2024 07:20 AM
2,891
VipulDabhi on Jan 08 2024 11:11 AM
5,428
timurengin on Jan 08 2024 11:10 AM
22.8K
Josefa-Sepulveda on Jan 02 2024 02:24 AM
45.1K
Arjun_Trivedi on Nov 29 2023 10:13 PM
9,140
skochavi on Nov 27 2023 01:21 PM
8,023
ShaharAviv on Nov 20 2023 10:27 PM
6,102
Eric Burkholder on Nov 15 2023 02:26 PM
57.4K
Erez Einav on Nov 15 2023 08:00 AM
4,976
mahmoudmsft on Nov 08 2023 10:02 AM
13.7K
Pete Bryan on Sep 21 2023 03:02 PM
15.5K
lili on Sep 05 2023 12:18 AM
6,729
Tiander Turpijn on Aug 30 2023 04:33 AM
17.9K
Jeremy Tan on Aug 23 2023 04:30 AM
7,174
Matt_Lowe on Aug 22 2023 09:30 AM
12.7K
Nicolas Lepagnez on Aug 09 2023 04:44 AM
11.4K
MichalShechter on Aug 01 2023 11:02 AM
8,726
Maayan_Magenheim on Jul 25 2023 07:09 AM
11.5K
Beth_Bischoff on Jul 11 2023 04:00 AM
36.5K
chaitra_satish on Jul 10 2023 08:30 AM
9,520
Preeti_Krishna on Jul 10 2023 07:43 AM
13K
yohasson on Jul 06 2023 06:05 AM

Latest Comments

Thank you for this. It looks like Microsoft Exchange Security for Exchange Online - Microsoft Azure) solution uses the Azure Monitor HTTP Data Collector API - Azure Monitor | Microsoft Learn which is "deprecated and will no longer be functional as of 9/14/2026". Will the solution be updated to use t...
@timurengin Hello kind sir, Adding additional tasks (more than 1) in the yml file where you specify workingDirectory causes the DevOps pipeline to overwrite each task's tracking_table_<id>.csv. This is with the default PowerShell script created by connecting Sentinel out of the box. Example issue: Task 1 creat...
I'm experiencing an issue while trying to create a Sentinel solution through Bicep file deployment.
    // azure sentinel
    // workspace creation
    param location string = resourceGroup().location
    resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
      name: 'ul-sda-np-alaw-cae-002'
      location: l...
The SIR Work Notes are supposed to be updating when the Status changes (as previously stated, we get New/Active now). At this point we're not focused on ServiceNow writing back to Sentinel, so the field mapping is not urgent.
@Torch2002 We're not getting any updates when a Sentinel Incident is Closed (only New or Active). Have you mapped the fields in Snow to what they need to update in Sentinel? You need to tell Snow what the mappings are so it can close things as True - positive etc. otherwise it just returns unknown et...