Connect with experts and redefine what’s possible at work – join us at the Microsoft 365 Community Conference May 6-8. Learn more >

Sentinel Data Connector

2 Topics

Get AzSentinelDataConnector no output
Hi All, I'm trying to export the list of all the data connectors using powershell module Az Security Insight. when I run the command Get-AzSentinelDataConnector, I have no output PS C:\Users\> Get-AzSentinelDataConnector -ResourceGroupName "Resourcegroup Name" -WorkspaceName "WorkSpace Name" PS C:\Users\> while using the command Get-AzSentinelAlertRuleTemplate I have all the alert rule as output PS C:\Users\> ... Kind : NRT LastUpdatedDateUtc : 30-Aug-22 12:00:00 AM Name : 5db427b2-f406-4274-b413-e9fcb29412f8 Query : AuditLogs | where ActivityDisplayName =~'Add member to role completed (PIM activation)' | where Result == "failure" ... RequiredDataConnector : {AzureActiveDirectory} Severity : High ... PS C:\Users\> Can someone support me? Thanks, lg
lgab18
Mar 09, 2023 Place Windows PowerShell
960Views
0likes
3Comments
Log data for connecting and disconnecting Sentinel Data Connectors
Just wondering if anyone has any knowledge of where log data for connecting and disconnecting Sentinel Data connectors might be stored. We ran into this scenario in my production environment where the Azure Active Directory connectors for AuditLogs and SigninLogs were suddenly disconnected and no one has any record of when or why. I've since turned the connectors back on but I can't isolate the event or actor where the log was turned off. Has anyone had any experience with this, or could point me to a doc where I might generate a query to find this event? I can see roughly when the logs were turned off, and they were off for over a week.
Solved
gcorsini
Nov 23, 2021 Place Microsoft Learn
2.4KViews
1like
1Comment