1,429 questions with Microsoft Security | Microsoft Sentinel tags

1 answer

KQL related question -- How to make a query that would combine 3 columns into one specific column

I am trying to create a KQL query to aggregate 3 different columns that have the same TimeGenerated. It has the same operation, but different values for the 2 other columns. What I am trying to see is: | project TimeGenerated, AuditChange AuditChange would…

Microsoft Security | Microsoft Sentinel
asked 2026-06-05T07:45:58.2866667+00:00
Ranniell Dalope 0 Reputation points
commented 2026-06-08T11:14:04.59+00:00
Sridevi Machavarapu 33,130 Reputation points Microsoft External Staff Moderator
0 answers

need demo for Sentinel

need demo for Sentinel, we are looking for a SIEM solution, very difficult to contact Microsoft

Microsoft Security | Microsoft Sentinel
asked 2026-06-08T09:35:39.8966667+00:00
Syed Abdullah Shah 0 Reputation points
commented 2026-06-08T09:59:05.61+00:00
Syed Abdullah Shah 0 Reputation points
1 answer

How are hackers able to access the Calendar App to PHISH

First of all, I almost never use the Calendar App. Currently, I have discovered three separate postings to my Calendar that are obvious (to me) to be Phishing attempts. So, how do I stop this, and seek punishment for the "Hackers"?

Microsoft Security | Microsoft Sentinel
asked 2026-05-30T13:34:11.22+00:00
Francis Clark 0 Reputation points
commented 2026-05-30T22:47:54.1066667+00:00
Francis Clark 0 Reputation points
1 answer

DCR Data Sources only showing in classic version

Hello, I'm using Microsoft Sentinel to ingest events into a custom table in Log Analytics, and the data source I'm using is something like "Custom-table_CL" where table is the name in Log Analytics. This data source can only be found in the…

Microsoft Security | Microsoft Sentinel
asked 2026-05-12T18:32:50.2733333+00:00
Joshua Yeh 0 Reputation points
answered 2026-05-27T12:08:01.8566667+00:00
Konstantinos Lianos 425 Reputation points Student Ambassador
2 answers One of the answers was accepted by the question author.

Sentinel SIEM

How can I achieve multi-tenancy in Microsoft Sentinel without them having Sentinel that I can access via Lighthouse, is there a different method? If a client wants me to monitor only their third party EDR and I already onboarded the same third party on…

Microsoft Security | Microsoft Sentinel
asked 2026-05-26T12:54:48.11+00:00
Phumlani Zwane 60 Reputation points
accepted 2026-05-27T08:48:02.0033333+00:00
Phumlani Zwane 60 Reputation points
1 answer One of the answers was accepted by the question author.

Update Data Connector causing error "The gateway did not receive a response from 'Microsoft.SecurityInsights' within the specified time period."

Hi, Could you please help to make CCF data connector able to complete "Update Data Connectors" successfully. DCR "Lookout Mobile Threat Detection Connector (via Codeless Connector Framework) (Preview)" (deployed as solution from here…

Microsoft Security | Microsoft Sentinel
asked 2026-05-25T10:39:53.7333333+00:00
Gregory Ostapenko 20 Reputation points
edited a comment 2026-05-27T03:02:15.1266667+00:00
Gregory Ostapenko 20 Reputation points
1 answer

Sentinel workspace cannot be created

Hi, I had a workspace and I have added it to Sentinel. Everything was working fine. Then I created another LAW on another subscription within the same tenant. I could not add it to Sentinel. I have moved all my resources to the new subscription including…

Microsoft Security | Microsoft Sentinel
asked 2026-05-01T20:11:34.47+00:00
Enis Aksu 0 Reputation points
commented 2026-05-24T22:02:27.95+00:00
Enis Aksu 0 Reputation points
2 answers

Microsoft Sentinel Question in Practice Exam for SC 200

Question: You have an Azure subscription that uses Microsoft Sentinel. You create a user named Admin1. You need to ensure that Admin1 can add playbooks in Microsoft Sentinel. The solution must follow the principle of least privilege. Which role should…

Microsoft Security | Microsoft Sentinel
asked 2024-12-07T12:47:14.5566667+00:00
Volston Abreo 0 Reputation points
answered 2026-05-22T14:51:43.3366667+00:00
BARRY, Abdoulaye 0 Reputation points
2 answers

Unable to connect Microsoft Sentinel workspace to Defender portal as Primary workspace

Hello, We are unable to connect a Microsoft Sentinel workspace to the Microsoft Defender portal and set it as the Primary workspace. Error shown in Microsoft Defender portal: "Failed to connect primary workspace" "Couldn't connect…

Microsoft Security | Microsoft Sentinel
asked 2026-05-18T06:26:07.0633333+00:00
נדב שלום 0 Reputation points
commented 2026-05-20T20:27:58.5133333+00:00
Raja Pothuraju 47,640 Reputation points Microsoft Employee Moderator
1 answer

CCF Data Connector - Pass Generated Access Token from POST API to Subsequent GET API in Azure CCP Connector

We are developing a CCP connector in Azure and are facing an issue with API authentication flow implementation. Scenario The first API endpoint is a POST request used to generate an access_token. This API requires a secret key to be passed in…

Microsoft Security | Microsoft Sentinel
asked 2026-05-13T12:17:11.7066667+00:00
Fenil Savani 0 Reputation points
commented 2026-05-18T10:55:19.9033333+00:00
Rukmini 42,510 Reputation points Microsoft External Staff Moderator
2 answers

Microsoft Sentinel Keeper Security Connector Fails to perform app registration

When trying to follow the Keeper instructions and push the button to deploy the app registration of the Keeper Push Connector, I receive the following error message. Keeper support said I needed to contact Microsoft. I have an active Global Admin role…

Microsoft Security | Microsoft Sentinel
asked 2026-05-14T14:06:55.6466667+00:00
Todd Portz 0 Reputation points
commented 2026-05-15T10:53:08.9366667+00:00
Rukmini 42,510 Reputation points Microsoft External Staff Moderator
1 answer

Microsoft Sentinel Stuck in a Loop in the Defender Portal

In the Microsoft Defender portal with Sentinel, I have connected, disconnected and waited 30 minutes, and reconnected the SIEM workspace. If I go to Sentinel and any of the tabs in Defender, it just loops to the connectors page as if the workspace is not…

Microsoft Security | Microsoft Sentinel
asked 2026-05-12T03:48:26.8633333+00:00
Malaurm 0 Reputation points
commented 2026-05-14T08:34:04.83+00:00
Shubham Sharma 17,165 Reputation points Microsoft External Staff Moderator
2 answers

How to create email alert based on KQL query result regularly in Sentinel ?

Using the Sentinel Platform, how to create email alert based on KQL query result regularly in Sentinel? This is the KQL Query I am trying to get some alerting immediately when there is any result returned. SigninLogs | where TimeGenerated >…

Microsoft Security | Microsoft Sentinel
asked 2026-05-13T02:45:32.7166667+00:00
EnterpriseArchitect 6,386 Reputation points
answered 2026-05-13T03:34:16.7833333+00:00
Shubham Sharma 17,165 Reputation points Microsoft External Staff Moderator
1 answer

How to connect the SAP JAVA single Stack Application to MS Sentinel using agentless connector

Hi, We are required to integrate a SAP JAVA application with MS Sentinel using Agentless connector. Could you please help us to provide any KBA or the Guide or steps to perform this integration. It is helpful for us to fulfill the project needs Thanks and…

Microsoft Security | Microsoft Sentinel
asked 2026-05-04T10:44:07.8466667+00:00
Bhaldar, Riyaj (Ext) 0 Reputation points
commented 2026-05-12T11:56:04.3666667+00:00
Bhaldar, Riyaj (Ext) 0 Reputation points
1 answer

Microsoft Sentinel

Hello there, My first question is if content hub moved to Defender from Sentinel. Then trying to find Sentinel optimization workbook and I don't see it and most important the SignInLogs table does not appear in Defender. I enabled Entra ID diagnostic…

Microsoft Security | Microsoft Sentinel
asked 2026-05-08T07:16:58.1333333+00:00
Andreas Tsouras 20 Reputation points
answered 2026-05-08T09:37:45.0433333+00:00
Shubham Sharma 17,165 Reputation points Microsoft External Staff Moderator
1 answer

Datalake in Sentinel is not working properly since completing this course: TechWorkshop L300: Understanding Sentinel data lake and graph

Datalake in Sentinel is not working properly since completing this course: TechWorkshop L300: Understanding Sentinel data lake and graph in Microsoft. I have no access to Datalake tables or Datalake features since completing this course. Part of the…

Microsoft Security | Microsoft Sentinel
asked 2026-04-25T18:41:12.9633333+00:00
System Administrator 0 Reputation points
answered 2026-05-06T10:35:10.8166667+00:00
Konstantinos Lianos 425 Reputation points Student Ambassador
1 answer

How do I find my Windows Advertising Identifier number

I want to find my MAID number for my computer so that I can enter in California's new DROP program.

Microsoft Security | Microsoft Sentinel
asked 2026-01-28T04:55:26.65+00:00
Tinker 0 Reputation points
answered 2026-05-06T10:19:36.11+00:00
Konstantinos Lianos 425 Reputation points Student Ambassador
1 answer

CCF Data Connector – Pagination and Checkpoint handling with PageToken & PageStartTime

Hi Team, I am currently developing a custom Azure Sentinel Data Connector via the Common Connector Framework (CCF) for Google SecOps APIs. I am currently facing challenges related to pagination handling and state management for subsequent…

Microsoft Security | Microsoft Sentinel
asked 2026-04-17T12:16:23.0133333+00:00
Fenil Savani 0 Reputation points
edited a comment 2026-05-05T07:48:11.53+00:00
Shubham Sharma 17,165 Reputation points Microsoft External Staff Moderator
1 answer

Migration Path for [DEPRECATED] VMware Carbon Black Cloud (using Azure Function) Sentinel Connector

Hello, We have been using the VMware Carbon Black Cloud (using Azure Function) Sentinel Connector for many years to gather logs from Carbon Black. The current connector is deprecated now though, and the only option that has been added to the Content Hub…

Microsoft Security | Microsoft Sentinel
asked 2026-04-30T22:17:05.88+00:00
AndrewFury 0 Reputation points
commented 2026-05-01T22:28:48.48+00:00
Sridevi Machavarapu 33,130 Reputation points Microsoft External Staff Moderator
2 answers One of the answers was accepted by the question author.

Issue with Sentinel Watchlist visibility

There are multiple internal watchlists which we use, but today all of a sudden their visibility is missing. What can be the reason? This is causing multiple fails in playbooks too

Microsoft Security | Microsoft Sentinel
asked 2026-04-28T12:47:00.59+00:00
Sayan Dutta 30 Reputation points
commented 2026-04-29T14:50:22.74+00:00
Sayan Dutta 30 Reputation points