Workbook - VMware ESXi "Root Sessions" is not found results #9469
Comments
|
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal. |
|
Hi @jeffrywu28, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 29-11-2023. Thanks! |
v-sudkharat
added
Solution
|
Hi @jeffrywu28, we are unable to reproduce this issue, could you please share the sample data with us? so, we can check it from our end. Thanks! |
|
Hi @jeffrywu28, we are waiting for your response on above comment. thanks! |
|
Hi @jeffrywu28, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond to it in the next 2 days. If we don't receive a response by 07-12-2023 date, we will be closing this issue. |
|
@v-sudkharat sure, what platform or email you can provide to me? |
|
I want to upload my sample |
|
Hi @jeffrywu28m, you can provide sample data with us over github itself or sent on this mail id - v-sudkharat@microsoft.com |
|
Hi @jeffrywu28, we are waiting for sample data from you. could you please have a look at above comment and sent on that mail id or you can share it over this GitHub chat as well. Thanks! |
|
Hi @jeffrywu28, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond to it in the next 2 days. If we don't receive a response by 13-12-2023 date, we will be closing this issue. |
|
Hi @jeffrywu28, thanks for sharing the logs with us. we will check on this issue and get back to you by - 20-12-2023. Thanks! |
|
Hi @jeffrywu28, we are working on ingesting the data shared by you, meanwhile could you please check on our shared comment- |
|
Hi @jeffrywu28, could you please custom add workbook and let us know you are getting expected result.
5.click advance edit -
Thanks! |
|
Hi @jeffrywu28, I hope you are doing well. Thanks for sharing data with us. We are getting issue while ingest the data into LAW due to large volume, so it would be great if you check our recent comment and let us know your get the expected result. So we can procced on that. Thanks! |
|
Hi @jeffrywu28, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond to it in the next 2 days. If we don't receive a response by 05-01-2024 date, we will be closing this issue. |
|
Hi @jeffrywu28, since we have not received a response in the last 5 days, we are closing your issue #9469 as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation. |
Describe the bug
Please fix your built-in dashboard about Vmware ESXi, the 1 of the panel that titled Root Sessions never showing any result.
To Reproduce
Steps to reproduce the behavior:
currently built-in query:
VMwareESXi
| where SyslogMessage has_all ('UserLoginSessionEvent', 'denis', 'logged in')
//| extend SrcUsername = extract(@'User\s(.*?)@\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', 1, SyslogMessage)
| extend SrcIpAddr = extract(@'@(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})', 1, SyslogMessage)
| order by TimeGenerated
| project EventTime = TimeGenerated, SourceAddress = SrcIpAddr
it must be :
VMwareESXi
| where SyslogMessage has_all ('root', 'logged in')
//| extend SrcUsername = extract(@'User\s(.*?)@\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', 1, SyslogMessage)
| extend SrcIpAddr = extract(@'@(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})', 1, SyslogMessage)
| order by TimeGenerated
| project EventTime = TimeGenerated, SourceAddress = SrcIpAddr
Expected behavior
there is value at there and it must showing the result.
Screenshots
Expected Screenshots
The text was updated successfully, but these errors were encountered: