
Exchange Security Insights On-Premise Collector receives no logs

Open · thom2804 opened this issue 1 year ago · 1 comment

I have an environment where there is an on-premises Exchange server active. I have made sure to follow all the steps listed on the data connector page: the ESI collector script has been installed on the Exchange server in the customer's environment and is scheduled to run every day at 22:00. Yesterday evening was the first run; however, the data connector did not receive any logs (similar to #9894). I attempted to run the ExchangeEnvironmentList and ExchangeConfiguration parsers and am encountering errors:

For the ExchangeEnvironmentList parser I am getting the following error after running the query with the parameter simulation lines uncommented: "union: must have at least one operand that can be evaluated successfully when running with 'Fuzzy' mode."

For the ExchangeConfiguration parser I am also getting an error when running the query with the parameter simulation lines uncommented: "'extend' operator: Failed to resolve scalar expression named 'ESIEnvironment_s'"

I have also already verified the table in my workspace, which is set up as a Custom table (classic).

Does anyone know what steps I need to take to resolve the issue?

thom2804 · Oct 22 '24 09:10
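Added diagnostic query, not from the issue or from the Azure-Sentinel repository: the first error is what KQL raises when none of a fuzzy union's operands can be resolved, and the second is what `extend` raises when it references a column the table does not (yet) have, which is how a classic custom table looks before any row has been ingested. The table name `<ESI_TABLE>_CL` is a placeholder for the collector's custom table; the query is written so it still returns a row (with Rows = 0) when the table is absent or empty, which separates "no data arrived" from "parser broken".

```kql
// Constructed check, not part of the ESI parsers. Replace <ESI_TABLE>_CL with the
// collector's custom table name shown in the workspace.
union isfuzzy=true
    // Dummy operand with the expected schema, so the union resolves even when the
    // real table has not been created yet (avoids the 'Fuzzy' mode error above).
    (datatable(TimeGenerated:datetime, ESIEnvironment_s:string) []),
    (<ESI_TABLE>_CL)
| where TimeGenerated > ago(7d)
// column_ifexists() returns the fallback instead of failing when the column is
// missing, which is the cause of the 'Failed to resolve scalar expression' error.
| extend ESIEnvironment = column_ifexists("ESIEnvironment_s", "")
| summarize Rows = count(), LastRow = max(TimeGenerated), Environments = make_set(ESIEnvironment)
```

If Rows is 0, nothing has been ingested since the scheduled run and the parsers will keep failing until the collector writes data; a non-zero count with an empty Environments set points at the ingestion schema instead.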