Unable to run cross workspace queries

10 October 2025 at 18:03
Has anyone encountered issues when running cross-workspace queries within the same tenant? I faced this before; it only worked when I referenced the workspace ID instead of the name in the query. Tried importing the JSON again, but the error persists.

https://preview.redd.it/7qlwczw7xcuf1.png?width=814&format=png&auto=webp&s=660d27167991687773d9f8bd5c53eb2a16228ff3

submitted by /u/dutchhboii
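The workaround the post describes, referencing the other workspace by its ID rather than its display name, looks like this in KQL. This is an added illustration, not code from the post or from Microsoft; the GUID is a placeholder and SecurityEvent / EventID 4625 are only a sample table and filter:

```kql
// Added example: cross-workspace query in Microsoft Sentinel / Log Analytics.
// workspace() accepts a display name, a workspace ID (GUID) or a full Azure
// resource ID; the post reports that only the ID form worked for them.
// The GUID below is a placeholder, not a real workspace.
union isfuzzy=true
    (SecurityEvent
        | extend SourceWorkspace = "local"),
    (workspace("00000000-0000-0000-0000-000000000000").SecurityEvent
        | extend SourceWorkspace = "remote-by-id")
| where TimeGenerated > ago(1h)
| where EventID == 4625                      // failed logons, as a sample security-relevant filter
| summarize FailedLogons = count() by SourceWorkspace, Computer, Account
| order by FailedLogons desc
```

`isfuzzy=true` keeps the query running when one side lacks the table, and the `SourceWorkspace` column makes it visible which workspace each row came from, which is the quickest way to confirm that the remote reference actually resolved.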

Query History Unavailable for current Month

21 August 2025 at 05:54

Anyone else noticing that query history isn't showing anything for the current month? Ours only goes up to the end of July 2025. Seems to be affecting everyone on our team in the W. Europe region. Curious if others are seeing the same thing?

submitted by /u/dutchhboii

Data log export to Eventhub

21 July 2025 at 03:20

I'm trying to export only a specific log type from the CommonSecurityLog, but I'm having trouble figuring out the process. I don't want to export the entire set of CEF logs, and I noticed that functions aren't available when configuring data export. Is there a method to export just one log type from the CEF logs to Event Hub? For example, logs from only Palo Alto and not Fortinet under CEF.

submitted by /u/dutchhboii

Retiring Azure Portal - July 1, 2026

Today, we’re announcing that we are moving to the next phase of the transition with a target to retire the Azure portal for Microsoft Sentinel by July 1, 2026. Customers not yet using the Defender portal should plan their transition accordingly.

https://techcommunity.microsoft.com/blog/microsoft-security-blog/planning-your-move-to-microsoft-defender-portal-for-all-microsoft-sentinel-custo/4428613

What are your thoughts on this, folks? Do they genuinely believe this is achievable? I understand the goal is to move toward Defender XDR, but I'm still uncertain about how this transition might impact us.

Especially the Fusion alerts, Graph API automations, Logic Apps, tasks and RBAC.

submitted by /u/dutchhboii

CI/CD Pipelines via Azure Devops

Has anyone here implemented this flow? What is it like to have version control and centralized deployment, along with rules backup? Do you still need to use GitHub for backend code control and use variables for whitelisting in DevOps? The idea is to avoid storing our detections and whitelists in GitHub repositories for security reasons.

https://preview.redd.it/avc2ym5m7y0f1.png?width=1498&format=png&auto=webp&s=0f73992993ce1377442558809819d99969a8cfc2

submitted by /u/dutchhboii

Azure Arc Onboarding - Tier 0 Servers

We are currently in the process of migrating servers from MMA to AMA and, along the way, evaluating best practices for managing Domain Controllers in Azure. While we have implemented Defender for Identity on the DCs and addressed RBAC configurations, we're still navigating through some Auditor-related challenges. That said, beyond onboarding the DCs via Azure Arc, are there any recommended best practices for collecting security-relevant events from Domain Controllers?

submitted by /u/dutchhboii

Incidents Stopped Firing - Sentinel

28 April 2025 at 15:13

Is anyone else experiencing an issue where Sentinel is not generating any incidents in the console, despite the analytical rules (both scheduled and NRT) showing successful run statuses? It's unusual to have no incidents triggered for over three hours. No health issues have been observed with the log ingestion either.

submitted by /u/dutchhboii