Accelerate Splunk SIEM migrations to Microsoft Sentinel with the built-in SIEM Migration Experience
Event Ended
Wednesday, Sep 18, 2024, 09:00 AM PDT
Event details
Join us to learn how you can simplify and accelerate the migration of your SIEM from Splunk to Microsoft Sentinel using the SIEM migration experience. In this session, we will see how to leverage and streamline the process of migrating Splunk detections to Microsoft Sentinel analytics rules.
An AMA is a live text-based online event similar to an “Ask Me Anything” on Reddit. This AMA gives you the opportunity to connect with Microsoft product experts who will be on hand to answer your questions and listen to feedback. The AMA takes place entirely in the comments below. There is no additional video or audio link as this is text-based.
Feel free to post your questions anytime in the comments below beforehand, if it fits your schedule or time zone better, though questions will not be answered until the live hour.
TrevorRusher
Updated Dec 27, 2024
- TrevorRusher
Community Manager
That concludes today's AMA! Thank you for joining.
- Thanks!!!
- cmiarshvac
Brass Contributor
Is Sentinel a platform to host detection rules or does it also host the log data? If it is hosting data, is it recommended that the data be enriched before hitting Sentinel?
- PrateekTaneja
Microsoft
Microsoft Sentinel is built on top of Log Analytics, so yes it can host log data. In most scenarios, data can be enriched after hitting Sentinel with native Sentinel capabilities as well as custom workflows.
- OliverKalusek
Occasional Reader
Hi, my question is not directly about SIEM migration but do you know when the data types such as EnrichedOffice365AuditLogs, AADRiskyUsers etc. from the Entra ID Connector will be out of the preview?
- PrateekTaneja
Microsoft
We will have information to share at a later date. When the ingestion of these log types is Generally Available, we will make a formal announcement.
- TrevorRusher
Community Manager
The Microsoft team is here to answer your questions! Don't be shy, ask questions related to the topic down below!
- JannikW
Occasional Reader
Hi, not a direct question for the migration, but do you happen to know when the GA for the Logic App Incident Trigger in Sentinel is planned? Thank you!
- Matt_Lowe
Microsoft
We will have information to share at a later date. When the feature goes GA, we will post a blog about it as a formal announcement.
- TrevorRusher
Community Manager
The AMA has now begun! Please ask your questions down here in the comments (in new threads please).
- Jayendran
Iron Contributor
Hi,
My question is not directly related to SIEM Migration but related to Sentinel connectivity to AML Notebooks for hunting. Please excuse me if it's not the right forum to put my query here.
I have difficulty connecting Sentinel with the notebook, as my Azure Machine Learning workspace and the storage account connected with AML are restricted with a firewall. Whenever we try to connect Sentinel with the AML workspace we get the error below for the API call https://abc12121.workspace.eastus2.api.azureml.ms/notebook/v2.0/subscriptions/<>/resourceGroups/<>/providers/Microsoft.MachineLearningServices/workspaces/<>/storage/sasurl?expirationInMinutes=30&containerId=391ff5ac-6576-460f-ba4d-7e03433c68b6
{ "error": { "code": "UserError", "severity": null, "message": "Request authorization to storage account failed. Storage account might be behind a VNET.", "messageFormat": null, "messageParameters": null, "referenceCode": null, "detailsUri": null, "target": null, "details": [], "innerError": { "code": "ForbiddenError", "innerError": null }, "debugInfo": null, "additionalInfo": null }, "correlation": { "operation": "ce8d08a6cb9c01e94b25b85a2ea152d4", "request": "eeb011e918368db4" }, "environment": "eastus2", "location": "eastus2", "time": "2024-08-20T13:28:00.3418504+00:00", "componentName": "notebook-instance", "statusCode": 403 }
We created an MS support ticket (tracking ID for reference 2407030040011151) 4 months back and it's not moving forward effectively. So far the response we receive is that it's a design limitation and we need to remove the private endpoint on the SA: https://learn.microsoft.com/en-us/azure/sentinel/notebooks-hunt?tabs=private-endpoint#launch-a-notebook-in-your-azure-machine-learning-workspace
Even after removing the private endpoint (but keeping the limited IPs of Sentinel in the firewall) it's still giving the same error.
Could you please help me with my 2 queries below:
- Does Sentinel AML notebook integration require the storage account to be a public one without any restriction on firewall IPs? This is currently not captured properly in the documentation.
- What is the purpose of this API (which is failing now)? Or why is a SAS token needed, as most of the authentications were Managed Identity based?
Thanks !
Jayendran
- TrevorRusher
Community Manager
Hey Jayendran, This question is not related to the topic of the AMA, so unfortunately we can't help you here. Best of luck with MS Support.
- Cesar_Hara
Microsoft
.
- TrevorRusher
Community Manager
Hi Cesar, the AMA will take place right here on the event page! Just ask your question down in the comment section here and the team will do their best to get to it during the live hour next Wednesday.
- TrevorRusher
Community Manager
Excited to host this event for you all next week! Remember to ask your questions down below in this comment section so the team can answer!