Microsoft 365 to wix setup
4/23/2024

There's a plethora of data connectors for Microsoft Sentinel, from Microsoft and Azure services to third party sources and custom logs. This data is only as good as the analytical value it brings. During investigations – both proactive and reactive – visualizing data in different formats offers value in finding anomalies, patterns, and insights that are difficult to spot. When working with data which includes geographic information, such as Microsoft Entra sign-in logs, visualizing the data through a proper medium is essential to making the most use of the data. This is where using interactive maps for Sentinel and Log Analytics workspace comes into play.

As of the writing of this blog article, it's not possible to use the interactive map directly within the Logs section of Sentinel or Log Analytics workspace. Instead, the Azure Data Explorer web app or Kusto Explorer desktop app must be used. This article will use Azure Data Explorer for all examples. The setup required for this is simple and only takes a few minutes.

The first step is to go to the Azure Data Explorer web app and click on Add in the top left of the screen, and then select Connection.

Figure 1: Adding connection to Azure Data Explorer (ADX)

At this point, a window will appear asking for a connection. To connect to a Sentinel instance (it's actually the Log Analytics workspace), the following information is required:

Resource group name – this is the resource group that the Log Analytics workspace is in

All of these can be found simply by clicking on Settings in the Sentinel menu and then clicking Workspace settings.

Figure 2: Workspace settings of the Sentinel instance

After clicking on Workspace settings, the information required will be available on the screen as shown below. This is also true if you're connecting to a Log Analytics workspace without Sentinel. By going to the Log Analytics workspace's page, the page below will open.

Figure 3: Workspace settings of the Sentinel instance

The connection URI needs to be in the following format:

resourcegroups/ /providers/microsoft.operationalinsights/workspaces/

Once the connection URI has been updated with the required values, it can be added to the section in Azure Data Explorer, and once a display name has been entered click Add. Ensure that the Log Analytics workspace configured in the connection URI is in the tenant shown at the bottom of the window.

Figure 4: Adding the connection URI to Azure Data Explorer (ADX)

If the Log Analytics workspace is in a tenant other than the one signed in as in Azure Data Explorer, the tenant can be switched on this screen as well.

Once the connection has been set up, it should be viewable under Connections in the left menu.

Figure 5: A table from the newly configured connection

To query the tables, select the workspace and enter the query as you would normally do in the Sentinel Logs screen. To use the interactive map, the data must contain longitude and latitude data.
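As an added example (not part of the original article), the query below plots Microsoft Entra sign-ins on the interactive map by supplying the longitude and latitude columns the map requires. It assumes the connected workspace contains the SigninLogs table with LocationDetails.geoCoordinates populated; the 7-day window and the Outcome column name are illustrative choices.

```kusto
// Added example: run in the Azure Data Explorer web app against the
// Log Analytics workspace connection described in this article.
// Assumption: SigninLogs is ingested into that workspace.
SigninLogs
| where TimeGenerated > ago(7d)
// LocationDetails is a dynamic column; cast the coordinates to numbers.
| extend Latitude  = todouble(LocationDetails.geoCoordinates.latitude),
         Longitude = todouble(LocationDetails.geoCoordinates.longitude)
// Some sign-ins carry no coordinates and cannot be placed on the map.
| where isnotnull(Latitude) and isnotnull(Longitude)
// ResultType "0" is a successful sign-in; anything else is a failure code.
| extend Outcome = iff(ResultType == "0", "Success", "Failure")
// The map expects longitude first, then latitude; the third column
// becomes the series, so successes and failures get separate colours.
| distinct Longitude, Latitude, Outcome
| render scatterchart with (kind = map)
```

Failure points that appear far from where successful sign-ins cluster are a natural starting point for review.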