Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License

Create DataCollectionRulePowerShellEvents #10692

Closed mariavaladas closed 3 months ago

mariavaladas commented 3 months ago

This data collection rule filters event 4104 from PowerShell or PowerShell Core and streams it to the WindowsEvent table. It also filters out events that are not so valuable (e.g. those generated by system accounts, etc.).

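The rule described in this PR, written out as an added illustration for this page rather than the PR's own DCR file: an ARM-style Data Collection Rule that collects only event 4104 (script block logging) from the Windows PowerShell and PowerShell Core operational channels and, inside the XPath itself, drops events attributed to the built-in SYSTEM, LOCAL SERVICE and NETWORK SERVICE accounts (SIDs S-1-5-18, S-1-5-19 and S-1-5-20). The rule name, data source name, region and workspace resource ID are placeholders, and the exact noise filter in the merged rule is not shown on this page, so the account filter below is an assumption about what "generated by system accounts" means.

```json
{
  "type": "Microsoft.Insights/dataCollectionRules",
  "apiVersion": "2022-06-01",
  "name": "dcr-powershell-4104-example",
  "location": "<region-placeholder>",
  "kind": "Windows",
  "properties": {
    "dataSources": {
      "windowsEventLogs": [
        {
          "name": "powershellScriptBlockLogging",
          "streams": [ "Microsoft-WindowsEvent" ],
          "xPathQueries": [
            "Microsoft-Windows-PowerShell/Operational!*[System[(EventID=4104) and Security[@UserID!='S-1-5-18'] and Security[@UserID!='S-1-5-19'] and Security[@UserID!='S-1-5-20']]]",
            "PowerShellCore/Operational!*[System[(EventID=4104) and Security[@UserID!='S-1-5-18'] and Security[@UserID!='S-1-5-19'] and Security[@UserID!='S-1-5-20']]]"
          ]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        {
          "workspaceResourceId": "/subscriptions/<subscription-id-placeholder>/resourceGroups/<resource-group-placeholder>/providers/Microsoft.OperationalInsights/workspaces/<workspace-placeholder>",
          "name": "sentinelWorkspace"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": [ "Microsoft-WindowsEvent" ],
        "destinations": [ "sentinelWorkspace" ]
      }
    ]
  }
}
```

Because the filter lives in the XPath query, the Azure Monitor Agent discards the unwanted events on the host before they are sent, so the noise never costs ingestion and never dilutes the WindowsEvent table. Once the rule is associated with a machine, a query such as `WindowsEvent | where EventID == 4104 | summarize count() by Channel` confirms that both channels are arriving; a screenshot of that result is the kind of evidence requested later in this thread. Note that some legitimate and some malicious script blocks do run under SYSTEM (scheduled tasks, management agents, services), so whether to exclude those SIDs is a tuning decision that should be revisited against the environment's own detection needs rather than copied blindly.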

v-atulyadav commented 3 months ago

Hi @mariavaladas, Could you please share with us a successful running connector screenshot and invocation logs? Thanks.

mariavaladas commented 3 months ago

Hi, sure, here is a screenshot of the event 4104 from PowerShellCore and Windows PowerShell that I am collecting from this DCR. Do you need anything else? Thanks!


v-shukore commented 3 months ago

Hi @mariavaladas, I am not able to view the screenshot which you sent yesterday.

image

Could you please send the success screenshot again.

Thanks!!

mariavaladas commented 3 months ago

[image]

@v-shukore , sorry, I responded via email and somehow the screenshot was lost. Trying again from GitHub.

mariavaladas commented 3 months ago

Thanks!

In reply to v-dvedak (Tuesday, July 2, 2024): Merged #10692 https://github.com/Azure/Azure-Sentinel/pull/10692 into master.